Only need to untaint environment variable.

author: Petter Reinholdtsen <pere@hungry.com> 2007-11-24 10:33:19 +0000
committer: Petter Reinholdtsen <pere@hungry.com> 2007-11-24 10:33:19 +0000
commit: b05cdd619bce251620339bb78b53fbf8f72a260c (patch)
tree: ca187f101023c1b33e1009575a91a9fc8b6c62bb /sitesummary-collector.cgi
parent: 77331571cb543d4da009fd76806f2b55c85efba4 (diff)
download: sitesummary-b05cdd619bce251620339bb78b53fbf8f72a260c.tar.gz
sitesummary-b05cdd619bce251620339bb78b53fbf8f72a260c.tar.bz2
sitesummary-b05cdd619bce251620339bb78b53fbf8f72a260c.tar.xz
1 files changed, 2 insertions, 2 deletions
diff --git a/sitesummary-collector.cgi b/sitesummary-collector.cgi
index 1028190..68ab091 100644
--- a/sitesummary-collector.cgi
+++ b/sitesummary-collector.cgi
@@ -151,6 +151,8 @@ sub get_peerinfo {
         $peername = gethostbyaddr($peeripaddr, AF_INET);
     } elsif ($ENV{'REMOTE_ADDR'}) { # CGI variable
         $peeripaddr = $ENV{'REMOTE_ADDR'};
+        $peeripaddr =~ m/(\d+).(\d+).(\d+).(\d+)/; # Untaint
+        $peeripaddr = "$1.$2.$3.$4";
         $peername = gethostbyaddr($peeripaddr, AF_INET);
     } else {
         # Running on the command line, use test host
@@ -161,7 +163,5 @@ sub get_peerinfo {
         syslog('warning', "%s", "client without DNS entry connected from \[$peeripaddr\]");
         $peername = "$peeripaddr";
     }
-    $peeripaddr =~ m/(\d+).(\d+).(\d+).(\d+)/; # Untaint
-    $peeripaddr = "$1.$2.$3.$4";
     return ($peeripaddr, $peername);
 }
author	Petter Reinholdtsen <pere@hungry.com>	2007-11-24 10:33:19 +0000
committer	Petter Reinholdtsen <pere@hungry.com>	2007-11-24 10:33:19 +0000
commit	b05cdd619bce251620339bb78b53fbf8f72a260c (patch)
tree	ca187f101023c1b33e1009575a91a9fc8b6c62bb /sitesummary-collector.cgi
parent	77331571cb543d4da009fd76806f2b55c85efba4 (diff)
download	sitesummary-b05cdd619bce251620339bb78b53fbf8f72a260c.tar.gz sitesummary-b05cdd619bce251620339bb78b53fbf8f72a260c.tar.bz2 sitesummary-b05cdd619bce251620339bb78b53fbf8f72a260c.tar.xz