Plugin Directory


Opened 8 years ago

#1127 new defect

Proxy IP authentication / multiple vote issue with WP-PostRatings

Reported by: jfine
Owned by: GamerZ
Priority: high
Severity: major
Plugin: wp-postratings
Keywords: X_FORWARDED_FOR, unknown, authentication, multiple vote


We noticed an issue with the WP-PostRatings plugin where a user behind a proxy with an unknown X_FORWARDED_FOR header would be allowed to vote multiple times per post.

It seems that others have seen unknown in the X_FORWARDED_FOR header as well. It looks like it may be caused by an IIS proxy.


It's caused by how intval() treats strings (converting to 0 or false), and thus any time there is a string (such as "unknown") for the IP address, the functions check_rated_cookie() and check_rated_username() will always return false even if the user has already voted.

We have implemented a temporary patch on our side, but I wanted to pass along our fix with the hope that you could integrate it into your plugin. Below is the diff.

--- a/credit-cards/wp-content/plugins/wp-postratings/wp-postratings.php
+++ b/credit-cards/wp-content/plugins/wp-postratings/wp-postratings.php
@@ -299,9 +299,8 @@ function check_rated_cookie($post_id) {
 function check_rated_ip($post_id) {
        global $wpdb;
        // Check IP From IP Logging Database
-       $get_rated = $wpdb->get_var("SELECT rating_ip FROM $wpdb->ratings WHERE rating_postid = $post_id AND rating_ip = '".get_ipaddress()."'");
        // 0: False | > 0: True
-       return intval($get_rated);
+       return $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->ratings WHERE rating_postid = $post_id AND rating_ip = '".get_ipaddress()."'");
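Review bot: the hunk header promises 9 old / 8 new lines but only 7 are shown and the function's closing brace never appears, so this patch will not apply as posted; please regenerate it with the trailing context lines. While touching these lines, note that the replacement still concatenates `get_ipaddress()` straight into the SQL (`AND rating_ip = '".get_ipaddress()."'`); the ticket itself shows that this value can come from a client-supplied X_FORWARDED_FOR header, so the query should go through `$wpdb->prepare()`, e.g. `$wpdb->prepare("SELECT COUNT(*) FROM $wpdb->ratings WHERE rating_postid = %d AND rating_ip = %s", $post_id, get_ipaddress())`. Finally, `$wpdb->get_var()` returns a string, so cast the result with `(int)` to keep the documented "0: False | > 0: True" contract an integer.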
@@ -313,9 +312,8 @@ function check_rated_username($post_id) {
        $rating_userid = intval($user_ID);
        // Check User ID From IP Logging Database
-       $get_rated = $wpdb->get_var("SELECT rating_userid FROM $wpdb->ratings WHERE rating_postid = $post_id AND rating_userid = $rating_userid");
        // 0: False | > 0: True
-       return intval($get_rated);
+       return $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->ratings WHERE rating_postid = $post_id AND rating_userid = $rating_userid");
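Review bot: for a logged-out visitor `$rating_userid = intval($user_ID)` is 0, and `SELECT COUNT(*) ... WHERE rating_userid = 0` now counts every row stored with user id 0 instead of returning the single value 0 as the old `SELECT rating_userid` did. If the plugin records anonymous votes with rating_userid = 0, this check therefore flips from always-false to true as soon as one anonymous vote exists on the post, blocking every later anonymous voter; add an early `if ($rating_userid === 0) return 0;` (or restrict the count to `rating_userid > 0`) so the user-id check only applies to logged-in users. This hunk has the same missing-context problem as the first one (header says 9/8 lines, 7 shown).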
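The intval() behaviour the report describes, as an added example that is not part of the ticket or of the plugin's code: a plain-PHP simulation of the original value-based check beside a count-based check, run over a constructed in-memory stand-in for the `$wpdb->ratings` table so it needs no WordPress install. The names `select_rating_ip`, `check_rated_ip_original` and `check_rated_ip_count`, and the sample rows, are assumptions made for the example.

```php
<?php
// Added example, not the plugin's code. Demonstrates why returning
// intval() of the stored rating_ip value misreports "already voted" for
// non-numeric IP strings such as "unknown", and why counting matching
// rows instead does not have that problem.

// Constructed sample data standing in for the $wpdb->ratings table.
$ratings = [
    ['rating_postid' => 42, 'rating_ip' => '203.0.113.7',  'rating_userid' => 0],
    ['rating_postid' => 42, 'rating_ip' => 'unknown',      'rating_userid' => 0],
    ['rating_postid' => 42, 'rating_ip' => '0.0.0.0',      'rating_userid' => 0],
    ['rating_postid' => 42, 'rating_ip' => '198.51.100.2', 'rating_userid' => 7],
];

// Mirrors the original query "SELECT rating_ip ... WHERE rating_postid = ?
// AND rating_ip = ?": returns the first matching column value, or null
// when no row matches, the way $wpdb->get_var() does.
function select_rating_ip(array $rows, int $post_id, string $ip): ?string {
    foreach ($rows as $r) {
        if ($r['rating_postid'] === $post_id && $r['rating_ip'] === $ip) {
            return $r['rating_ip'];
        }
    }
    return null;
}

// Original behaviour: intval() of the stored IP string. For a dotted
// address this yields the first octet (non-zero by accident), for
// "unknown" or a 0.x.x.x address it yields 0, i.e. "not voted".
function check_rated_ip_original(array $rows, int $post_id, string $ip): int {
    return intval(select_rating_ip($rows, $post_id, $ip));
}

// Count-based behaviour, as in the ticket's patch: the number of rows
// for this post and IP, which is > 0 whenever a vote was recorded.
function check_rated_ip_count(array $rows, int $post_id, string $ip): int {
    $n = 0;
    foreach ($rows as $r) {
        if ($r['rating_postid'] === $post_id && $r['rating_ip'] === $ip) {
            $n++;
        }
    }
    return $n;
}

// Compare both checks for IPs that have voted on post 42 and one that has not.
foreach (['203.0.113.7', 'unknown', '0.0.0.0', '192.0.2.99'] as $ip) {
    printf("%-13s intval=%-4d original=%-4d count=%d\n",
        $ip,
        intval($ip),
        check_rated_ip_original($ratings, 42, $ip),
        check_rated_ip_count($ratings, 42, $ip));
}
```

Running it shows that the original check reports 0 ("not voted") for both "unknown" and "0.0.0.0" even though a row exists for each, while the count is 1; it only works for ordinary addresses because intval("203.0.113.7") happens to be 203. In the real plugin the count query should still be built with `$wpdb->prepare()`, since the IP string comes from a request header the client controls.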


Change History (0)
