From 6ce881284330487fe3dff3cf740f6befc49914de Mon Sep 17 00:00:00 2001
From: Savetheinternet
Date: Fri, 3 Jun 2011 17:36:36 +1000
Subject: [PATCH] safer IP address decryption (KU_RANDOMSEED)

---
 kusabax.php | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/kusabax.php b/kusabax.php
index 9f6ea7a5..6b17499a 100755
--- a/kusabax.php
+++ b/kusabax.php
@@ -188,7 +188,14 @@
 }
 
 // IP
- $query->bindValue(':ip', md5_decrypt($post['ip'], $kusabaxc['randomseed']), PDO::PARAM_STR);
+ $ip = md5_decrypt($post['ip'], $kusabaxc['randomseed']);
+ if(!preg_match('/^\d+\.\d+\.\d+\.\d+$/', $ip)) {
+ // Invalid IP address. Wrong KU_RANDOMSEED?
+
+ $log[] = 'Invalid IP address returned after decryption. Wrong KU_RANDOMSEED?';
+ $ip = '0.0.0.0'; // just set it to something valid and continue
+ }
+ $query->bindValue(':ip', $ip, PDO::PARAM_STR);
 
 // Time (`timestamp`)
 $query->bindValue(':time', $post['timestamp'], PDO::PARAM_INT);
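Review bot: The new check `preg_match('/^\d+\.\d+\.\d+\.\d+$/', $ip)` is looser than it looks: it accepts octets above 255 and, because `$` also matches before a final newline, a value ending in `\n`, so some garbage from a wrong KU_RANDOMSEED can still be stored as an IP. `if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {` validates the range as well (drop the flag if the source data can hold IPv6, which the current pattern would also reject). The fallback to `'0.0.0.0'` keeps the run going, but with a wrong seed every post would presumably get that same address, collapsing distinct posters into one for any IP-keyed ban or moderation lookup later. Consider naming the affected post in the `$log[]` entry and stopping after the first failure rather than writing the placeholder for each row. The enclosing loop or function starts and ends outside this hunk, so how `$log` is reported is not visible here.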