Fix #1468 inconsistent use of REMOTE_ADDR vs. RX_CLIENT_IP

2026-01-05 09:41:40 +09:00 · 2020-11-18 00:17:49 +09:00 · 2020-11-18 00:17:49 +09:00 · 2d6a175b19
commit 2d6a175b19
parent 996ca166e8
11 changed files with 24 additions and 32 deletions
--- a/modules/adminlogging/adminlogging.controller.php
+++ b/modules/adminlogging/adminlogging.controller.php
@ -41,7 +41,7 @@ class adminloggingController extends adminlogging
 		$args = new stdClass();
 		$args->module = $module;
 		$args->act = $act;
-		$args->ipaddress = $_SERVER['REMOTE_ADDR'];
+		$args->ipaddress = \RX_CLIENT_IP;
 		$args->regdate = date('YmdHis');
 		$args->requestVars = print_r(Context::getRequestVars(), TRUE);

--- a/modules/comment/comment.controller.php
+++ b/modules/comment/comment.controller.php
@ -171,7 +171,7 @@ class commentController extends comment
 		}
 		else
 		{
-			$args->ipaddress = $_SERVER['REMOTE_ADDR'];
+			$args->ipaddress = \RX_CLIENT_IP;
 		}
 		$output = executeQuery('comment.getCommentVotedLogInfo', $args);
 		if(!$output->data->count)
@ -1439,7 +1439,7 @@ class commentController extends comment
 		$oComment = CommentModel::getComment($comment_srl, FALSE, FALSE);

 		// Pass if the author's IP address is as same as visitor's.
-		if($oComment->get('ipaddress') == $_SERVER['REMOTE_ADDR'])
+		if($oComment->get('ipaddress') == \RX_CLIENT_IP)
 		{
 			$_SESSION['voted_comment'][$comment_srl] = false;
 			return new BaseObject(-1, $failed_voted);
@ -1467,7 +1467,7 @@ class commentController extends comment
 		}
 		else
 		{
-			$args->ipaddress = $_SERVER['REMOTE_ADDR'];
+			$args->ipaddress = \RX_CLIENT_IP;
 		}
 		$args->comment_srl = $comment_srl;
 		$output = executeQuery('comment.getCommentVotedLogInfo', $args);
@ -1582,7 +1582,7 @@ class commentController extends comment
 		$oComment = CommentModel::getComment($comment_srl, FALSE, FALSE);

 		// failed if both ip addresses between author's and the current user are same.
-		if($oComment->get('ipaddress') == $_SERVER['REMOTE_ADDR'])
+		if($oComment->get('ipaddress') == \RX_CLIENT_IP)
 		{
 			$_SESSION['declared_comment'][$comment_srl] = TRUE;
 			return new BaseObject(-1, 'failed_declared');
--- a/modules/counter/counter.model.php
+++ b/modules/counter/counter.model.php
@ -33,7 +33,7 @@ class counterModel extends counter
 		
 		$args = new stdClass();
 		$args->regdate = $date;
-		$args->ipaddress = $_SERVER['REMOTE_ADDR'];
+		$args->ipaddress = \RX_CLIENT_IP;
 		$args->site_srl = $site_srl;
 		$output = executeQuery('counter.getCounterLog', $args);
 		$iplogged = $output->data->count ? true : false;
--- a/modules/document/document.controller.php
+++ b/modules/document/document.controller.php
@ -216,7 +216,7 @@ class documentController extends document
 		}
 		else
 		{
-			$args->ipaddress = $_SERVER['REMOTE_ADDR'];
+			$args->ipaddress = \RX_CLIENT_IP;
 		}
 		$output = executeQuery('document.getDocumentVotedLogInfo', $args);
 		
@ -460,7 +460,7 @@ class documentController extends document
 		
 		if($obj->notify_message != 'Y') $obj->notify_message = 'N';
 		if(!$obj->email_address) $obj->email_address = '';
-		if(!$isRestore) $obj->ipaddress = $_SERVER['REMOTE_ADDR'];
+		if(!$isRestore) $obj->ipaddress = \RX_CLIENT_IP;
 		$obj->isRestore = $isRestore ? true : false;
 		
 		// Sanitize variables
@ -1320,7 +1320,7 @@ class documentController extends document
 		if ($config->view_count_option == 'once')
 		{
 			// Pass if the author's IP address is as same as visitor's.
-			if($oDocument->get('ipaddress') == $_SERVER['REMOTE_ADDR'])
+			if($oDocument->get('ipaddress') == \RX_CLIENT_IP)
 			{
 				if (Context::getSessionStatus())
 				{
@ -1536,7 +1536,7 @@ class documentController extends document
 		$oDocument = DocumentModel::getDocument($document_srl, false, false);

 		// Pass if the author's IP address is as same as visitor's.
-		if($oDocument->get('ipaddress') == $_SERVER['REMOTE_ADDR'])
+		if($oDocument->get('ipaddress') == \RX_CLIENT_IP)
 		{
 			$_SESSION['voted_document'][$document_srl] = false;
 			return new BaseObject(-1, $failed_voted);
@ -1564,7 +1564,7 @@ class documentController extends document
 		}
 		else
 		{
-			$args->ipaddress = $_SERVER['REMOTE_ADDR'];
+			$args->ipaddress = \RX_CLIENT_IP;
 		}
 		$args->document_srl = $document_srl;
 		$output = executeQuery('document.getDocumentVotedLogInfo', $args);
@ -1683,7 +1683,7 @@ class documentController extends document
 		$oDocument = DocumentModel::getDocument($document_srl, false, false);

 		// Pass if the author's IP address is as same as visitor's.
-		if($oDocument->get('ipaddress') == $_SERVER['REMOTE_ADDR'])
+		if($oDocument->get('ipaddress') == \RX_CLIENT_IP)
 		{
 			$_SESSION['declared_document'][$document_srl] = true;
 			return new BaseObject(-1, 'failed_declared');
--- a/modules/document/document.item.php
+++ b/modules/document/document.item.php
@ -508,7 +508,7 @@ class documentItem extends BaseObject
 		}
 		else
 		{
-			$args->ipaddress = $_SERVER['REMOTE_ADDR'];
+			$args->ipaddress = \RX_CLIENT_IP;
 		}
 		$args->document_srl = $this->document_srl;
 		$output = executeQuery('document.getDocumentVotedLog', $args);
--- a/modules/member/member.class.php
+++ b/modules/member/member.class.php
@ -560,7 +560,7 @@ class member extends ModuleObject {
 		if(!$oDB->isTableExists('member_login_count') || $config->enable_login_fail_report == 'N') return new BaseObject($error, $message);

 		$args = new stdClass();
-		$args->ipaddress = $_SERVER['REMOTE_ADDR'];
+		$args->ipaddress = \RX_CLIENT_IP;

 		$output = executeQuery('member.getLoginCountByIp', $args);
 		if($output->data && $output->data->count)
@ -609,14 +609,14 @@ class member extends ModuleObject {
 		{
 			//update
 			$content = unserialize($output->data->content);
-			$content[] = array($_SERVER['REMOTE_ADDR'],lang($message),$_SERVER['REQUEST_TIME']);
+			$content[] = array(\RX_CLIENT_IP, lang($message), \RX_TIME);
 			$args->content = serialize($content);
 			$output = executeQuery('member.updateLoginCountHistoryByMemberSrl', $args);
 		}
 		else
 		{
 			//insert
-			$content[0] = array($_SERVER['REMOTE_ADDR'],lang($message),$_SERVER['REQUEST_TIME']);
+			$content[0] = array(\RX_CLIENT_IP, lang($message), \RX_TIME);
 			$args->content = serialize($content);
 			$output = executeQuery('member.insertLoginCountHistoryByMemberSrl', $args);
 		}
--- a/modules/member/member.controller.php
+++ b/modules/member/member.controller.php
@ -2365,7 +2365,7 @@ class memberController extends member
 		// check IP access count.
 		$config = MemberModel::getMemberConfig();
 		$args = new stdClass();
-		$args->ipaddress = $_SERVER['REMOTE_ADDR'];
+		$args->ipaddress = \RX_CLIENT_IP;

 		// check identifier
 		if((!$config->identifiers || in_array('email_address', $config->identifiers)) && strpos($user_id, '@') !== false)
@ -2440,7 +2440,7 @@ class memberController extends member
 			}
 			else
 			{
-				$args->ipaddress = $_SERVER['REMOTE_ADDR'];
+				$args->ipaddress = \RX_CLIENT_IP;
 				$output = executeQuery('member.deleteLoginCountByIp', $args);
 			}
 		}
--- a/modules/poll/poll.controller.php
+++ b/modules/poll/poll.controller.php
@ -335,7 +335,7 @@ class pollController extends poll
 		$member_srl = $logged_info->member_srl?$logged_info->member_srl:0;

 		$log_args->member_srl = $member_srl;
-		$log_args->ipaddress = $_SERVER['REMOTE_ADDR'];
+		$log_args->ipaddress = \RX_CLIENT_IP;
 		$output = executeQuery('poll.insertPollLog', $log_args);

 		if(!$output->toBool())
--- a/modules/poll/poll.model.php
+++ b/modules/poll/poll.model.php
@ -199,7 +199,7 @@ class pollModel extends poll
 		}
 		else
 		{
-			$args->ipaddress = $_SERVER['REMOTE_ADDR'];
+			$args->ipaddress = \RX_CLIENT_IP;
 		}
 		$output = executeQuery('poll.getPollLog', $args);
 		if($output->data->count) return true;
--- a/modules/session/session.controller.php
+++ b/modules/session/session.controller.php
@ -34,15 +34,7 @@ class sessionController extends session
 		$output = executeQuery('session.getSession', $args);
 		$session_info = $output->data;

-		//if ip has changed delete the session from db
-		if($session_info->session_key == $session_key && $session_info->ipaddress != $_SERVER['REMOTE_ADDR'])
-		{
-			executeQuery('session.deleteSession', $args);
-
-			return true;
-		}
-
-		$args->expired = date("YmdHis", $_SERVER['REQUEST_TIME'] + $this->lifetime);
+		$args->expired = date("YmdHis", time() + $this->lifetime);
 		$args->val = $val;
 		$args->cur_mid = Context::get('mid');

@ -61,8 +53,8 @@ class sessionController extends session
 		{
 			$args->member_srl = 0;
 		}
-		$args->ipaddress = $_SERVER['REMOTE_ADDR'];
-		$args->last_update = date("YmdHis", $_SERVER['REQUEST_TIME']);
+		$args->ipaddress = \RX_CLIENT_IP;
+		$args->last_update = date('YmdHis');

 		//put session into db
 		if($session_info->session_key)
--- a/modules/trash/trash.admin.controller.php
+++ b/modules/trash/trash.admin.controller.php
@ -24,7 +24,7 @@ class trashAdminController extends trash

 		if(!$oTrashVO->getTrashSrl()) $oTrashVO->setTrashSrl(getNextSequence());
 		if(!is_string($oTrashVO->getSerializedObject())) $oTrashVO->setSerializedObject(serialize($oTrashVO->getSerializedObject()));
-		$oTrashVO->setIpaddress($_SERVER['REMOTE_ADDR']);
+		$oTrashVO->setIpaddress(\RX_CLIENT_IP);
 		$oTrashVO->setRemoverSrl($logged_info->member_srl);
 		$oTrashVO->setRegdate(date('YmdHis'));