[wp-trac] Re: [WordPress Trac] #4579: IPv6 IPs
WordPress Trac
wp-trac at lists.automattic.com
Wed Dec 19 23:02:11 GMT 2007
#4579: IPv6 IPs
------------------------------------------+---------------------------------
Reporter: xiand0 | Owner: pishmishy
Type: defect | Status: assigned
Priority: low | Milestone: 2.4
Component: General | Version:
Severity: minor | Resolution:
Keywords: has-patch ipv6 needs-testing |
------------------------------------------+---------------------------------
Comment (by ruckus):
I don't think comma and space should be included, if we really want to
have such strict checking. I don't see how there could be multiple IP
addresses in `$_SERVER['REMOTE_ADDR']`. If someone knows how this can
happen, it should be documented. A network connection only has 2 end-
points, local and remote.

However, I'd like to vote once more for less strict filtering of the data.
We should protect against SQL injection, but not more. Having overly
strict filtering doesn't have any benefits that I can see, but can cause
unnecessary problems if new address formats come up in the future.

At the very minimum we should not mangle the value, but rather record
something like the static string "invalid" if we don't like the contents.
I don't think storing a mangled value (like is currently happening with
IPv6) has any useful value.

I'd produce a new patch, but I couldn't find out a couple of things:

* where is the comment data escaped for database injection currently, to
protect against SQL injection?
* where is `$postc` defined?
--
Ticket URL: <http://trac.wordpress.org/ticket/4579#comment:16>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
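
Added example, not part of the original message and not WordPress code: the two approaches the comment contrasts, a character filter that mangles the address versus validating it and recording the static string "invalid", with SQL injection handled separately by a bound parameter. The function names, the character class, the `comments` table and the use of PDO with in-memory SQLite are assumptions made for illustration.

```php
<?php
// Illustration only; all names here are hypothetical.

// Character allowlist of the kind the comment objects to: it silently
// drops every byte that is not a digit, dot, comma or space.
function strip_filter(string $addr): string {
    return preg_replace('/[^0-9., ]/', '', $addr);
}

// Validate instead of mangle: keep a well-formed IPv4 or IPv6 address
// unchanged, otherwise record the static string "invalid".
function record_value(string $addr): string {
    return filter_var($addr, FILTER_VALIDATE_IP) !== false ? $addr : 'invalid';
}

// Constructed sample inputs (documentation address ranges).
$samples = [
    '192.0.2.10',                 // plain IPv4
    '2001:db8::1',                // IPv6, destroyed by the strip filter
    '192.0.2.10, 198.51.100.7',   // list of addresses, not a single one
    "192.0.2.10' OR '1'='1",      // hostile text, not an address
];

// SQL injection is a separate concern from address format: the value is
// bound as a parameter and never concatenated into the statement.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (author_ip TEXT)');
$insert = $db->prepare('INSERT INTO comments (author_ip) VALUES (?)');

foreach ($samples as $addr) {
    $stored = record_value($addr);
    $insert->execute([$stored]);
    printf("%-28s strip=%-28s stored=%s\n",
        var_export($addr, true),
        var_export(strip_filter($addr), true),
        $stored);
}
```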