Microsoft.AspNetCore.Mvc.Localization.LocalizedHtmlStringnew security fix, Snitz 3.4.07

new security fix, Snitz 3.4.07

Printed from: Snitz™ Forums 2000
URL: https://forum.snitz.com/forumTopic/Posts/69117?pagenum=1
Printed on: 04 November 2025, 05:01

Topic

Author : ruirib
Subject : new security fix, Snitz 3.4.07
Posted : 11 January 2010, 08:10
Message :

We are posting a security fix to several Snitz files, involving the handling of IP addresses.
1. Inc_func_common.asp, lines #576-584, add the red part:

Code:


function UpdateLastHereDate(fTime,UserName)
	UserIPAddress = Request.ServerVariables("HTTP_X_FORWARDED_FOR")
	if UserIPAddress = "" or left(UserIPAddress, 7) = "unknown" then
  		UserIPAddress = Request.ServerVariables("REMOTE_ADDR")
	elseif InStr(UserIPAddress, ",") > 0 then
		UserIPAddress = Left(UserIPAddress, InStr(UserIPAddress, ",")-1)
	elseif InStr(UserIPAddress, ";") > 0 then
		UserIPAddress = Left(UserIPAddress, InStr(UserIPAddress, ";")-1)
	end If
	UserIPAddress = Trim(ChkString(UserIPAddress,"SQLString"))

2. The same fix (adding the red line) is needed in:

- Line#825, post_info.asp;
- Line#1017, post_info.asp;
- Line#544, register.asp;

3. Not Snitz base code, but as it is used in many forums, IPgate may need a similar fix. Somewhere around line#73, inc_ipgate.asp above

Code:


 useriparr = split(userip,".")

add this line:

Code:


userip = Trim(ChkString(userip,"SQLString"))

This affects Snitz 3.4.07. Previous versions that applied a bug fix that was posted for 3.4.06, using server variables HTTP_X_FORWARDED_FOR and REMOTE_ADDR may need similar fixing.