php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Return to Bug #76961
Patch voting.patch revision 2018-12-11 00:48 UTC by petk@php.net

Patch voting.patch for Systems problem Bug #76961

Patch version 2018-12-11 00:48 UTC

Return to Bug #76961 | Download this patch
Patch Revisions:

Developer: petk@php.net

From 8cdf0224117a223726c6446014a09cec2750e1f5 Mon Sep 17 00:00:00 2001
From: Peter Kokot <peterkokot@gmail.com>
Date: Sat, 24 Nov 2018 01:24:18 +0100
Subject: [PATCH] Fix #76961: vote throws a Server Error over ipv6

This patch fixes a bug when user with IPv6 is voting on a bug. It syncs
the functionality with the rest of the ip column types in the database.

Before applying this patch, the database schema need to be updated and
current IPs should ideally be converted from integers to numeric values
returned by the INET6_ATON() MySQL function.
---
 sql/schema.sql |  2 +-
 www/vote.php   | 14 +++++++++-----
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/sql/schema.sql b/sql/schema.sql
index f47075c..cb72ab0 100644
--- a/sql/schema.sql
+++ b/sql/schema.sql
@@ -97,7 +97,7 @@ CREATE TABLE bugdb_subscribe (
 CREATE TABLE bugdb_votes (
   bug int(8) NOT NULL default '0',
   ts timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP,
-  ip int(10) unsigned NOT NULL default '0',
+  ip varbinary(16) NOT NULL,
   score int(3) NOT NULL default '0',
   reproduced int(1) NOT NULL default '0',
   tried int(1) NOT NULL default '0',
diff --git a/www/vote.php b/www/vote.php
index 94df5fe..de1a9f3 100644
--- a/www/vote.php
+++ b/www/vote.php
@@ -57,11 +57,11 @@ function get_real_ip ()
 	return ($ip ? $ip : $_SERVER['REMOTE_ADDR']);
 }
 
-$ip = ip2long(get_real_ip());
+$ip = get_real_ip();
 // TODO: check if ip address has been banned. hopefully this will never need to be implemented.
 
 // Check whether the user has already voted on this bug.
-$bug_check = $dbh->prepare("SELECT bug, ip FROM bugdb_votes WHERE bug = ? AND ip = ? LIMIT 1")
+$bug_check = $dbh->prepare("SELECT bug, ip FROM bugdb_votes WHERE bug = ? AND ip = INET6_ATON(?) LIMIT 1")
 	->execute([$id, $ip])
 	->fetchRow();
 
@@ -70,13 +70,17 @@ function get_real_ip ()
 	$dbh->prepare("
 		INSERT INTO bugdb_votes (bug, ip, score, reproduced, tried, sameos, samever)
 		VALUES (
-			{$id}, {$ip}, {$score}, " .
+			?, INET6_ATON(?), ?, " .
 			($reproduced == 1 ? "1," : "0,") .
 			($reproduced != 2 ? "1," : "0,") .
 			($reproduced ? "$sameos," : "NULL,") .
 			($reproduced ? "$samever" : "NULL") .
 		')'
-	)->execute();
+	)->execute([
+		$id,
+		$ip,
+		$score
+	]);
 
 	// redirect to the bug page (which will display the success message)
 	redirect("bug.php?id=$id&thanks=6");
@@ -84,7 +88,7 @@ function get_real_ip ()
 	// As the user has already voted, just update their existing vote.
 	$dbh->prepare("UPDATE bugdb_votes
 		SET score = ?, reproduced = ? , tried = ?, sameos = ?, samever = ?
-		WHERE bug = ? AND ip = ?")
+		WHERE bug = ? AND ip = INET6_ATON(?)")
 		->execute([
 			$score,
 			($reproduced == 1 ? "1" : "0"),
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Sun Dec 15 10:01:25 2019 UTC