From 8e99dce3f200befcb3d818a03ec883c7784514d6 Mon Sep 17 00:00:00 2001
From: DamienLyon
Date: Thu, 8 Apr 2021 17:20:48 +0200
Subject: [PATCH 1/3] $navigation_info is null If $navigation_info is null add defaut values
---
 main/inc/lib/userportal.lib.php | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/main/inc/lib/userportal.lib.php b/main/inc/lib/userportal.lib.php
index e62ff0e590..56ba8d26ed 100755
--- a/main/inc/lib/userportal.lib.php
+++ b/main/inc/lib/userportal.lib.php
@@ -1007,6 +1007,11 @@ class IndexManager
 // Tabs that are deactivated are added here.
 if (!empty($this->tpl->menu_navigation)) {
 foreach ($this->tpl->menu_navigation as $section => $navigation_info) {
+
+ if(is_null($navigation_info)) {
+ $navigation_info['url'] = '';
+ $navigation_info['title'] = '';
+ }
 $items[] = [
 'icon' => null,
 'link' => $navigation_info['url'],
From 991616bf9e388b2f2d7c5b493718083e48b2cab8 Mon Sep 17 00:00:00 2001
From: DamienLyon
Date: Thu, 8 Apr 2021 18:55:16 +0200
Subject: [PATCH 2/3] Prevent $navigation_info is null Prevent $navigation_info is null
---
 main/inc/lib/userportal.lib.php | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/main/inc/lib/userportal.lib.php b/main/inc/lib/userportal.lib.php
index 56ba8d26ed..24577f057d 100755
--- a/main/inc/lib/userportal.lib.php
+++ b/main/inc/lib/userportal.lib.php
@@ -1008,15 +1008,13 @@ class IndexManager
 if (!empty($this->tpl->menu_navigation)) {
 foreach ($this->tpl->menu_navigation as $section => $navigation_info) {
- if(is_null($navigation_info)) {
- $navigation_info['url'] = '';
- $navigation_info['title'] = '';
+ if (!empty($navigation_info)) {
+ $items[] = [
+ 'icon' => null,
+ 'link' => $navigation_info['url'],
+ 'title' => $navigation_info['title'],
+ ];
 }
- $items[] = [
- 'icon' => null,
- 'link' => $navigation_info['url'],
- 'title' => $navigation_info['title'],
- ];
 }
 }
From b9bb577010a0e111e1a9e6ef37a2001619b131a8 Mon Sep 17 00:00:00 2001
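Review bot: The `!empty($navigation_info)` guard added inside the `foreach` in PATCH 2/3 skips null and empty entries, but a non-empty entry that lacks a `url` or `title` key, or that is not an array, still reaches `$navigation_info['url']` and raises a notice. Checking the keys that are actually read covers both cases: `if (is_array($navigation_info) && isset($navigation_info['url'], $navigation_info['title'])) {`. The enclosing method starts and ends outside the hunk, so whether `link` and `title` are escaped when `$items` is rendered cannot be confirmed from here and is worth checking at the template.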
From: Renaud Lemaire
Date: Fri, 4 Jun 2021 11:35:30 +0200
Subject: [PATCH 3/3] Fix possible injection using HTTP_X_FORWARDED_FOR
---
 main/webservices/testip.php | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/main/webservices/testip.php b/main/webservices/testip.php
index 7c1928317f..01e1061d8c 100755
--- a/main/webservices/testip.php
+++ b/main/webservices/testip.php
@@ -3,9 +3,16 @@
 /**
 * @package chamilo.webservices
 */
-$ip = trim($_SERVER['REMOTE_ADDR']);
+$ip = '';
+if (!empty($_SERVER['REMOTE_ADDR'])) {
+ $ip = trim($_SERVER['REMOTE_ADDR']);
+}
 if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
- list($ip1, $ip2) = preg_split('/,/', $_SERVER['HTTP_X_FORWARDED_FOR']);
- $ip = trim($ip1);
+ if (filter_var($_SERVER['HTTP_X_FORWARDED_FOR'], FILTER_FLAG_IPV4 | FILTER_FLAG_IPV6) == $_SERVER['HTTP_X_FORWARDED_FOR']) {
+ list($ip1, $ip2) = preg_split('/,/', $_SERVER['HTTP_X_FORWARDED_FOR']);
+ $ip = trim($ip1);
+ }
+}
+if (!empty($ip) && filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_IPV6)) {
+ echo htmlentities($ip);
 }
-echo htmlentities($ip);
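Review bot: The inner check `filter_var($_SERVER['HTTP_X_FORWARDED_FOR'], FILTER_FLAG_IPV4 | FILTER_FLAG_IPV6)` passes flag constants in the filter-id position, so it does not validate an IP. As far as I can tell `filter_var()` returns false for an unknown filter id, so the loose `==` against the non-empty header is never true and the X-Forwarded-For branch is dead code. Even with `FILTER_VALIDATE_IP` in that position, validating the whole header before splitting would reject every multi-address value, and `list($ip1, $ip2)` raises a notice when the header holds a single address. Split first and validate only the first entry, keeping `REMOTE_ADDR` when that entry is not a valid IP, as in the fence below. The header is client-supplied unless a trusted proxy overwrites it, so the echoed value should be treated as informational only.

```php
if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
    // Validate only the first entry; keep REMOTE_ADDR when it is not an IP.
    $forwarded = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
    $candidate = trim($forwarded[0]);
    if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
        $ip = $candidate;
    }
}
// … unchanged: final FILTER_VALIDATE_IP check and htmlentities() output …
```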