Login   Register  
PHP Classes
elePHPant
Icontem

This class can be dangerous for non-pro developers.

Recommend this page to a friend!
Stumble It! Stumble It! Bookmark in del.icio.us Bookmark in del.icio.us

      Find IP  >  All threads  >  This class can be dangerous for non-pro developers.  >  (Un) Subscribe thread alerts  
Subject:This class can be dangerous for non-pro developers.
Summary:Package rating comment
Messages:2
Author:Artur Graniszewski
Date:2010-08-17 09:12:20
Update:2010-08-17 09:43:22
 

Artur Graniszewski rated this package as follows:

Utility: Bad
Consistency: Insufficient

  1. This class can be dangerous for non-pro developers.   Reply  
Picture of Artur Graniszewski
Artur Graniszewski
2010-08-17 09:12:20
This class can be dangerous for non-pro developers.

Firstly: there is a security flaw in IP detection alghoritm: it's checking for X-Forwarded-For and Client-Ip HTTP headers (ignoring REMOTE_ADDR if one of them is found). Those IP's can be easily spoofed by sending custom HTTP headers like so (pseudo code):

GET / HTTP/1.0
Host: test.com
Forwarder-For: 127.0.0.1

Secondly: this code is a mess, why someone should check $_SERVER superglobal and then use getenv() function, if this function also checks this array (plus $_ENV). Additionally, getenv() is case insensitive, which for example helps on Windows envioronment.

Lastly: why do you use $this->localiza=$ipv;return $this->localiza. localiza is defined as private, and you do not use it for reading, but for writing (setting) only.

Summary: I do not recommend using this class because of security reasons.

  2. Re: This class can be dangerous for non-pro developers.   Reply  
Picture of Juan Chaves
Juan Chaves
2010-08-17 09:43:22 - In reply to message 1 from Artur Graniszewski
Thanks a lot for your feedback.
I am new to classes (in fact, this was my first one). Your comments motivate me to go into deeper detail and to do all necessary changes until I get a good class.