From 322685c16c4abb6941c12bec51ba858ad97b0caa Mon Sep 17 00:00:00 2001
From: Dominik Pfennig <dominik@suma-ev.de>
Date: Wed, 1 Feb 2017 09:46:11 +0100
Subject: [PATCH] =?UTF-8?q?IP-Adresse=20wird=20nun=20tempor=C3=A4r=20gespe?=
 =?UTF-8?q?ichert,=20damit=20wir=20Bots=20sperren=20und=20den=20Server=20f?=
 =?UTF-8?q?=C3=BCr=20echte=20Nutzer=20schnell=20behalten=20k=C3=B6nnen?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/MetaGer.php  | 9 +++++----
 public/index.php | 7 -------
 2 files changed, 5 insertions(+), 11 deletions(-)

diff --git a/app/MetaGer.php b/app/MetaGer.php
index 46b98c89a..166990284 100644
--- a/app/MetaGer.php
+++ b/app/MetaGer.php
@@ -871,6 +871,10 @@ class MetaGer
         $this->q       = strtolower($this->eingabe);
         # IP
         $this->ip = $request->ip();
+        # Unser erster Schritt wird sein, IP-Adresse und USER-Agent zu anonymisieren, damit
+        # nicht einmal wir selbst noch Zugriff auf die Daten haben:
+        $this->ip = preg_replace("/(\d+)\.(\d+)\.\d+.\d+/s", "$1.$2.0.0", $this->ip);
+
         # Language
         if (isset($_SERVER['HTTP_LANGUAGE'])) {
             $this->language = $_SERVER['HTTP_LANGUAGE'];
@@ -1153,12 +1157,9 @@ class MetaGer
             {
                 $logEntry = "";
                 $logEntry .= "[" . date(DATE_RFC822, mktime(date("H"), date("i"), date("s"), date("m"), date("d"), date("Y"))) . "]";
+                $logEntry .= " ip=" . $this->request->ip();
                 $logEntry .= " pid=" . getmypid();
                 $logEntry .= " ref=" . $this->request->header('Referer');
-                $useragent = $this->request->header('User-Agent');
-                $useragent = str_replace("(", " ", $useragent);
-                $useragent = str_replace(")", " ", $useragent);
-                $useragent = str_replace(" ", "", $useragent);
                 $logEntry .= " time=" . round((microtime(true) - $this->starttime), 2) . " serv=" . $this->fokus;
                 $logEntry .= " search=" . $this->eingabe;
 
diff --git a/public/index.php b/public/index.php
index 7b011c51f..b67e0a6e9 100644
--- a/public/index.php
+++ b/public/index.php
@@ -13,13 +13,6 @@ if (isset($_SERVER["HTTP_FORWARDED"]) && isset($_SERVER["HTTP_X_FORWARDED_FOR"])
     unset($_SERVER["HTTP_FORWARDED"]);
 }
 
-# Unser erster Schritt wird sein, IP-Adresse und USER-Agent zu anonymisieren, damit
-# nicht einmal wir selbst noch Zugriff auf die Daten haben:
-if (!isset($_SERVER['HTTP_X_FORWARDED_FOR']) && isset($_SERVER['REMOTE_ADDR'])) {
-    $_SERVER['REMOTE_ADDR'] = preg_replace("/(\d+)\.(\d+)\.\d+.\d+/s", "$1.$2.0.0", $_SERVER['REMOTE_ADDR']);
-} elseif (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
-    $_SERVER['HTTP_X_FORWARDED_FOR'] = preg_replace("/(\d+)\.(\d+)\.\d+.\d+/s", "$1.$2.0.0", $_SERVER['HTTP_X_FORWARDED_FOR']);
-}
 if (isset($_SERVER['HTTP_USER_AGENT'])) {
     $agentPieces = explode(" ", $_SERVER['HTTP_USER_AGENT']);
 
-- 
GitLab