dhensby

you might not want to do much more, but the framework does 😉

dhensby

whilst it probably is spoof-able… it’s much harder to do and probably not spoofable in the sense that you can get around rate limiting with it

dorsetdigital

Yeah, I don't want to do anything other than log it really, and possibly geo-locate against it on another site.

dhensby

where as the client IP is set from the OS / network level

dhensby

because as @andante says, it’s just a header that any client can set

☝️ (1)
dhensby

if you’re behind a proxy which puts the true client ip in the x-forwarded-for header then you need to whitelist that proxy either by IP or by *

andante

where did constants php go? lol

dhensby

next you’ll be asking where is functions.php 🙄

kinglozzer

It’s right here https://github.com/silverstripe/silverstripe-framework/blob/4/src/includes/functions.php

Show 1 attachment(s)
src/includes/functions.php

<?php

use SilverStripe\Core\Config\Config;
use SilverStripe\Core\Injector\Injector;
use SilverStripe\i18n\i18n;
use SilverStripe\Core\Manifest\ModuleManifest;

///////////////////////////////////////////////////////////////////////////////
// HELPER FUNCTIONS

/**
 * Creates a class instance by the "singleton" design pattern.
 * It will always return the same instance for this class,
 * which can be used for performance reasons and as a simple
 * way to access instance methods which don't rely on instance
 * data (e.g. the custom SilverStripe static handling).
 *
 * @param string $className
 * @return mixed
 */
function singleton($className)
{
    if ($className === Config::class) {
        throw new InvalidArgumentException("Don't pass Config to singleton()");
    }
    if (!isset($className)) {
        throw new InvalidArgumentException("singleton() Called without a class");
    }
    if (!is_string($className)) {
        throw new InvalidArgumentException(
            "singleton() passed bad class_name: " . var_export($className, true)
        );
    }
    return Injector::inst()->get($className);
}

function project()
{
    return ModuleManifest::config()->get('project');
}

/**
 * This is the main translator function. Returns the string defined by $entity according to the
 * currently set locale.
 *
 * Also supports pluralisation of strings. Pass in a `count` argument, as well as a
 * default value with `|` pipe-delimited options for each plural form.
 *
 * @param string $entity Entity that identifies the string. It must be in the form
 * "Namespace.Entity" where Namespace will be usually the class name where this
 * string is used and Entity identifies the string inside the namespace.
 * @param mixed $arg,... Additional arguments are parsed as such:
 *  - Next string argument is a default. Pass in a `|` pipe-delimeted value with `{count}`
 *    to do pluralisation.
 *  - Any other string argument after default is context for i18nTextCollector
 *  - Any array argument in any order is an injection parameter list. Pass in a `count`
 *    injection parameter to pluralise.
 * @return string
 */
function _t($entity, $arg = null)
{
    // Pass args directly to handle deprecation
    return call_user_func_array([i18n::class, '_t'], func_get_args());
}
Hide attachment content
dhensby

The framework should be taking care of resolving the true IP in the request object

 

[2019-03-22 08:12:36] manifestcache-log.WARNING: Failed to save values {"keys":["__CACHE__"],"exception":null} []