This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.
Update: I've disabled comments as of 2025-01-26 to avoid everyone having notifications for something a year on if someone wants to suggest a correction. Folks are free to email to suggest corrections still, of course.
In August 2007 a hacker found a way to expose the PHP source code on facebook.com. He retrieved two files and then emailed them to me, and I wrote about the issue:
http://techcrunch.com/2007/08/11/facebook-source-code-leaked/
It became a big deal:
http://www.techmeme.com/070812/p1#a070812p1
The two files are index.php (the homepage) and search.php (the search page)
| <?php | |
| function get_ip_address() { | |
| $ip_keys = array('HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED', 'REMOTE_ADDR'); | |
| foreach ($ip_keys as $key) { | |
| if (array_key_exists($key, $_SERVER) === true) { | |
| foreach (explode(',', $_SERVER[$key]) as $ip) { | |
| // trim for safety measures | |
| $ip = trim($ip); | |
| // attempt to validate IP | |
| if (validate_ip($ip)) { |
Awesome PHP has been relocated permanently to its own Github repository. No further updates will made to this gist.
Please open an issue for any new suggestions.
