# HG changeset patch
# User Pascal Bellard
# Date 1342429621 -7200
# Node ID a6697022a666ef2faa85aaa8adfb1e9883a5ce62
# Parent 2eb82e8dc17d46ab60afe500b65f8ede5fc6bef3
zerobin: add proxy fix
diff -r 2eb82e8dc17d -r a6697022a666 zerobin/stuff/zerobin.u
--- a/zerobin/stuff/zerobin.u Mon Jul 16 10:19:42 2012 +0200
+++ b/zerobin/stuff/zerobin.u Mon Jul 16 11:07:01 2012 +0200
@@ -14,3 +14,38 @@
 var cipherdata = zeroCipher(randomkey,$('textarea#message').val());
 var data_to_send = { data:cipherdata,
 expire:$('select#pasteExpiration').val(),
+--- index.php
++++ index.php
+@@ -16,6 +16,13 @@
+ $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
+ }
+
++function remote_address()
++{
++ if (isset($_SERVER["HTTP_X_FORWARDED_FOR"]))
++ return $_SERVER["HTTP_X_FORWARDED_FOR"];
++ return $_SERVER["REMOTE_ADDR"];
++}
++
+ // trafic_limiter : Make sure the IP address makes at most 1 request every 10 seconds.
+ // Will return false if IP address made a call less than 10 seconds ago.
+ function trafic_limiter_canPass($ip)
+@@ -136,7 +143,7 @@
+ }
+
+ // Make sure last paste from the IP address was more than 10 seconds ago.
+- if (!trafic_limiter_canPass($_SERVER['REMOTE_ADDR']))
++ if (!trafic_limiter_canPass(remote_address()))
+ { echo json_encode(array('status'=>1,'message'=>'Please wait 10 seconds between each post.')); exit; }
+
+ // Make sure content is not too big.
+@@ -191,7 +198,7 @@
+ // (We assume that if the user did not enter a nickname, he/she wants
+ // to be anonymous and we will not generate the vizhash.)
+ $vz = new vizhash16x16();
+- $pngdata = $vz->generate($_SERVER['REMOTE_ADDR']);
++ $pngdata = $vz->generate(remote_address());
+ if ($pngdata!='') $meta['vizhash'] = 'data:image/png;base64,'.base64_encode($pngdata);
+ // Once the avatar is generated, we do not keep the IP address, nor its hash.
+ }
+
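Review bot: The added remote_address() returns the X-Forwarded-For header whenever it is present, without checking that the request actually came through a proxy. That header is supplied by the client unless a front proxy overwrites it, so on a directly reachable instance the key passed to trafic_limiter_canPass() and to the vizhash generator is whatever the sender chooses, and the 10-second limit stops being tied to the connecting address. The value is also passed on unvalidated and may be a comma-separated list rather than a single address; what trafic_limiter_canPass() does with it is outside the hunk. I would honour the header only when REMOTE_ADDR is a configured trusted proxy, take the entry that proxy appended, and validate it as an IP before use, falling back to REMOTE_ADDR otherwise.

```php
function remote_address()
{
	// Placeholder list: replace with the reverse proxies this instance really sits behind.
	$trusted_proxies = array('127.0.0.1');
	$peer = $_SERVER["REMOTE_ADDR"];
	if (in_array($peer, $trusted_proxies, true) && isset($_SERVER["HTTP_X_FORWARDED_FOR"])) {
		// The right-most entry is the one appended by the trusted proxy itself.
		$hops = explode(',', $_SERVER["HTTP_X_FORWARDED_FOR"]);
		$client = trim(end($hops));
		if (filter_var($client, FILTER_VALIDATE_IP) !== false)
			return $client;
	}
	return $peer;
}
```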