Subject: This class can be dangerous for non-pro developers.
Summary: Package rating comment
Artur Graniszewski rated this package as follows:
This class can be dangerous for non-pro developers.
Firstly: there is a security flaw in the IP detection algorithm: it checks for the X-Forwarded-For and Client-Ip HTTP headers (ignoring REMOTE_ADDR if one of them is found). Those IPs can be easily spoofed by sending custom HTTP headers like so (pseudo code):
GET / HTTP/1.0
Secondly: this code is a mess. Why should someone check the $_SERVER superglobal and then use the getenv() function, if this function also checks this array (plus $_ENV)? Additionally, getenv() is case insensitive, which for example helps on a Windows environment.
Lastly: why do you use $this->localiza=$ipv; return $this->localiza? localiza is defined as private, and you do not use it for reading, but only for writing (setting).
Summary: I do not recommend using this class because of security reasons.
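The fix for the first point the reviewer raises is to treat REMOTE_ADDR as the only address the web server itself vouches for, and to honour X-Forwarded-For only when the request actually arrived through a reverse proxy you operate. The class below is an added example written for this thread; it is not code from the reviewed package. The trusted proxy address and the sample requests are constructed placeholders.

```php
<?php
// Added example (not code from the reviewed package): resolve the client IP
// without trusting X-Forwarded-For sent by arbitrary clients.
// Assumption: the trusted proxy list passed to the constructor is a placeholder
// and must be replaced with the addresses of your own reverse proxies.

final class ClientIpResolver
{
    /** @var string[] Addresses of proxies we operate; only they may set X-Forwarded-For. */
    private array $trustedProxies;

    public function __construct(array $trustedProxies)
    {
        $this->trustedProxies = $trustedProxies;
    }

    /**
     * Returns the best-effort client IP for a request.
     * - REMOTE_ADDR comes from the TCP connection and cannot be forged by a header.
     * - X-Forwarded-For is honoured only when the direct peer is one of our own
     *   proxies; the chain is then walked from the right, skipping our proxies,
     *   so the first address not under our control is taken.
     * - Client-Ip is never consulted: nothing in the infrastructure sets it.
     */
    public function resolve(array $server): string
    {
        $remote = $server['REMOTE_ADDR'] ?? '';
        if (filter_var($remote, FILTER_VALIDATE_IP) === false) {
            throw new RuntimeException('REMOTE_ADDR missing or invalid');
        }

        // Direct client connection (no trusted proxy in between): the header is
        // client-controlled, so ignore it entirely.
        if (!in_array($remote, $this->trustedProxies, true)) {
            return $remote;
        }

        $chain = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
        // Walk from the hop nearest to us backwards; stop at the first hop we don't own.
        for ($i = count($chain) - 1; $i >= 0; $i--) {
            $hop = $chain[$i];
            if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
                break; // malformed entry: trust nothing further left in the chain
            }
            if (!in_array($hop, $this->trustedProxies, true)) {
                return $hop;
            }
        }
        // Header absent, empty, or made only of our own proxies: fall back to the peer.
        return $remote;
    }
}

// Constructed sample requests for illustration (placeholder addresses).
$resolver = new ClientIpResolver(['10.0.0.5']);

// Case 1: a direct client supplies X-Forwarded-For itself. The peer is not a
// trusted proxy, so the header is ignored and REMOTE_ADDR is returned.
echo $resolver->resolve([
    'REMOTE_ADDR'          => '203.0.113.7',
    'HTTP_X_FORWARDED_FOR' => '127.0.0.1',
]), "\n";

// Case 2: the request was relayed by our proxy, so the client address is taken
// from the header, skipping our own proxy's entry at the right end of the chain.
echo $resolver->resolve([
    'REMOTE_ADDR'          => '10.0.0.5',
    'HTTP_X_FORWARDED_FOR' => '198.51.100.23, 10.0.0.5',
]), "\n";
```

Reading $_SERVER directly instead of mixing it with getenv() also addresses the reviewer's second point: there is one source of truth for the request, and the decision of which header to believe is made explicitly by the caller's proxy configuration rather than by whichever header happens to be present.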
2010-08-17 09:43:22 - In reply to message 1 from Artur Graniszewski
Thanks a lot for your feedback.
I am new to classes (in fact, this was my first one). Your comments motivate me to go into deeper detail and to do all necessary changes until I get a good class.