From cba4a991c0f554c2b5e3dec7e882476ff73760bb Mon Sep 17 00:00:00 2001
From: Karl 'vollmerk' Vollmer
Date: Sun, 13 Jan 2008 05:59:13 +0000
Subject: minor tweaks to session insertion to prevent crazy people with http agent strings over 255 from breaking the query, also fixed missing truncate
---
 lib/class/vauth.class.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'lib/class/vauth.class.php')
diff --git a/lib/class/vauth.class.php b/lib/class/vauth.class.php
index 761e5a65..a7d2dc91 100644
--- a/lib/class/vauth.class.php
+++ b/lib/class/vauth.class.php
@@ -264,10 +264,10 @@ class vauth {
 } // end switch on data type
 $username = Dba::escape($data['username']);
-$ip = Dba::escape(ip2int($_SERVER['REMOTE_ADDR']));
+$ip = $_SERVER['REMOTE_ADDR'] ? Dba::escape(ip2int($_SERVER['REMOTE_ADDR'])) : '0';
 $type = Dba::escape($data['type']);
 $value = Dba::escape($data['value']);
-$agent = Dba::escape($_SERVER['HTTP_USER_AGENT']);
+$agent = Dba::escape(substr($_SERVER['HTTP_USER_AGENT'],0,254));
 $expire = Dba::escape(time() + Config::get('session_length'));
 /* We can't have null things here people */
-- cgit
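Review bot: The new `$agent` line still reads `$_SERVER['HTTP_USER_AGENT']` unconditionally, although the header is client-controlled and may be absent altogether. The `$ip` line gained a presence guard, but it tests a possibly unset index by truthiness rather than with `isset()`. I would write `$agent = Dba::escape(substr(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '', 0, 254));` and use `!empty($_SERVER['REMOTE_ADDR'])` as the condition on the `$ip` line. Truncating inside `Dba::escape()` is the safe order, so it is worth pinning with a comment such as `// truncate before escaping so the cut can never split an escape sequence`. The column width and charset are not visible here; if the column is multi-byte, the byte-wise `substr` may cut a character in half. The enclosing method begins and ends outside this hunk.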