Push security fix for IP address.

Author: Mark Scherer

Lib/Utility/Utility.php

@@ -145,20 +145,10 @@ public static function strSplit($str, $length = 1) {
 	public static function getClientIp($safe = true) {
 		if (!$safe && env('HTTP_X_FORWARDED_FOR')) {
 			$ipaddr = preg_replace('/(?:,.*)/', '', env('HTTP_X_FORWARDED_FOR'));
+		} elseif (!$safe && env('HTTP_CLIENT_IP')) {
+			$ipaddr = env('HTTP_CLIENT_IP');
 		} else {
-			if (env('HTTP_CLIENT_IP')) {
-				$ipaddr = env('HTTP_CLIENT_IP');
-			} else {
-				$ipaddr = env('REMOTE_ADDR');
-			}
-		}
-
-		if (env('HTTP_CLIENTADDRESS')) {
-			$tmpipaddr = env('HTTP_CLIENTADDRESS');
-
-			if (!empty($tmpipaddr)) {
-				$ipaddr = preg_replace('/(?:,.*)/', '', $tmpipaddr);
-			}
+			$ipaddr = env('REMOTE_ADDR');
 		}
 		return trim($ipaddr);
 	}

Test/Case/View/Helper/FormatHelperTest.php

@@ -136,19 +136,23 @@ public function testSpeedOfIcons() {
 	 */
 	public function testFontIcon() {
 		$result = $this->Format->fontIcon('signin');
-		$expected = '<i class="fa-signin"></i>';
+		$expected = '<i class="fa fa-signin"></i>';
 		$this->assertEquals($expected, $result);
 
 		$result = $this->Format->fontIcon('signin', ['rotate' => 90]);
-		$expected = '<i class="fa-signin fa-rotate-90"></i>';
+		$expected = '<i class="fa fa-signin fa-rotate-90"></i>';
 		$this->assertEquals($expected, $result);
 
 		$result = $this->Format->fontIcon('signin', ['size' => 5, 'extra' => ['muted']]);
-		$expected = '<i class="fa-signin fa-muted fa-5x"></i>';
+		$expected = '<i class="fa fa-signin fa-muted fa-5x"></i>';
+		$this->assertEquals($expected, $result);
+
+		$result = $this->Format->fontIcon('asterisk', ['namespace' => 'glyphicon']);
+		$expected = '<i class="glyphicon glyphicon-asterisk"></i>';
 		$this->assertEquals($expected, $result);
 
 		$result = $this->Format->fontIcon('signin', ['size' => 5, 'extra' => ['muted'], 'namespace' => 'icon']);
-		$expected = '<i class="icon-signin icon-muted icon-5x"></i>';
+		$expected = '<i class="icon icon-signin icon-muted icon-5x"></i>';
 		$this->assertEquals($expected, $result);
 	}
 
@@ -504,7 +508,7 @@ public function testWordCensor() {
 			$res = $this->Format->wordCensor($value, ['Arsch', 'Ficken', 'Bitch']);
 			$this->assertEquals($expected === null ? $value : $expected, $res);
 		}
-		
+
 		$input = 'dfssdfsdj sdkfj sdkfj ksdfj bitch ksdfj';
 		$result = $this->Format->wordCensor($input, ['Bitch'], '***');
 		$expected = 'dfssdfsdj sdkfj sdkfj ksdfj *** ksdfj';

View/Helper/FormatHelper.php

@@ -315,7 +315,9 @@ public function fontIcon($icon, array $options = [], array $attributes = []) {
 		];
 		$options += $defaults;
 		$icon = (array)$icon;
-		$class = [];
+		$class = [
+			$options['namespace']
+		];
 		foreach ($icon as $i) {
 			$class[] = $options['namespace'] . '-' . $i;
 		}