Default IP address to `::` if `$_SERVER['REMOTE_ADDR']` is unavailable

The session list within the AccountSecurityPage relies on all sessions storing
valid IP addresses. When using `cli.php` no `REMOTE_ADDR` will be available and
an empty string was being stored. As the empty string is not a valid IP address
the `\wcf\util\IpAddress` class errored out.

Fix this issue by always returning a syntactically valid IP address from
`UserUtil::getIpAddress()`. `::` is being used which is commonly used to
indicate unknown IP addresses and must never appear within valid IP packets.

diff --git a/wcfsetup/install/files/lib/util/UserUtil.class.php b/wcfsetup/install/files/lib/util/UserUtil.class.php
index 5bb6ca56d282fe5512323d19a33cc4702751d14f..9d1b774ec9f85d18165c99bcaf62c93322ed3084 100644 (file)
--- a/wcfsetup/install/files/lib/util/UserUtil.class.php
+++ b/wcfsetup/install/files/lib/util/UserUtil.class.php
@@ -145,8 +145,8 @@ final class UserUtil
      */
     public static function getIpAddress()
     {
-        $REMOTE_ADDR = '';
-        if (isset($_SERVER['REMOTE_ADDR'])) {
+        $REMOTE_ADDR = '::';
+        if (!empty($_SERVER['REMOTE_ADDR'])) {
             $REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];
         }