[Duplicate] Check if needle actually exists before strstr? $_SERVER['REMOTE_ADDR']

[s_mack]

Hi. I don't know or understand under what circumstance $_SERVER['REMOTE_ADDR'] would not register, but I periodically get this error in my logs:

PHP Warning: strstr(): Empty needle in /includes/functions/functions_lookups.php on line 712

It hasn't always been that particular file/line but that's the one it was this time. Every time I've seen it, it is related to $_SERVER['REMOTE_ADDR']

I wonder if the function(s) should check if $_SERVER['REMOTE_ADDR'] actually exists prior to doing the strstr?

[DrByte]

Agreed. In v1.5.5 and v1.6.0 it's fixed by ensuring $_SERVER['REMOTE_ADDR'] is never blank, even if the server isn't cooperating by supplying the visitor's IP address.

[s_mack]

Sorry for the duplicate. I should have searched more. Lazy. Bad.

[yesaul]

Agreed. In v1.5.5 and v1.6.0 it's fixed by ensuring $_SERVER['REMOTE_ADDR'] is never blank, even if the server isn't cooperating by supplying the visitor's IP address.

This should probably mean, empty $_SERVER['REMOTE_ADDR'] is being replaced with 'dot' character (in init_sessions.php since 1.5.5), but I'm anyway getting the above mentioned error even using the latest version... (no idea how and why...)

[DrByte]

Maybe your server configuration is blocking all access to that information.

[carlwhat]

hey drB,
i have a v1.5.5 install and i'm seeing this same error. not all the time, just ran into it twice the other day.

it is my understanding the browser could be behind a proxy server. and some code similar to this might help (obviously changed to the ZC section in functions_lookup):

Code:

<?php
    if(! empty($_SERVER['REMOTE_ADDR']) ){
    $ip = $_SERVER['REMOTE_ADDR'];
}
else{
    $ip = empty($_SERVER['HTTP_X_FORWARDED_FOR']) ? '' : $_SERVER['HTTP_X_FORWARDED_FOR'];
}

in addition, it seems a bit odd to be checking the IP address against the exclude admin address list even IF the site is NOT down for maintenance. or perhaps that is just me.

[DrByte]

hey drB,
i have a v1.5.5 install and i'm seeing this same error. not all the time, just ran into it twice the other day.

it is my understanding the browser could be behind a proxy server. and some code similar to this might help (obviously changed to the ZC section in functions_lookup):

Code:

<?php
    if(! empty($_SERVER['REMOTE_ADDR']) ){
    $ip = $_SERVER['REMOTE_ADDR'];
}
else{
    $ip = empty($_SERVER['HTTP_X_FORWARDED_FOR']) ? '' : $_SERVER['HTTP_X_FORWARDED_FOR'];
}

in addition, it seems a bit odd to be checking the IP address against the exclude admin address list even IF the site is NOT down for maintenance. or perhaps that is just me.

I'm struggling to find how it could be blank if your solution is to grab the x_forwarded_for value, since that's already checked ahead of time.
See: https://github.com/zencart/zencart/b....php#L777-L820

[carlwhat]

the problem is here:

https://github.com/zencart/zencart/b...okups.php#L747

i see no checks related to this location.... as the function does not take a variable.....

although i could be wrong....

[DrByte]

The variable is overridden by https://github.com/zencart/zencart/b...ns.php#L54-L59

But, the init_general_funcs loads before init_sessions: https://github.com/zencart/zencart/b....php#L134-L145
It wouldn't surprise me that there are dependencies that prevent switching the order of these, but feel free to change the 70 to 59 as a test and report your findings.