diff options
author | Aleksander Machniak <alec@alec.pl> | 2013-12-17 09:21:05 +0100 |
---|---|---|
committer | Aleksander Machniak <alec@alec.pl> | 2013-12-17 09:21:05 +0100 |
commit | a520f331c16fc703cc92d5b9853fb91805f82305 (patch) | |
tree | f2d28e85b2bfa09a1080577e084c8c50b5c58ae8 /program/lib | |
parent | 7b1969ad609a0fe94534bc33453bd20f5796e2a6 (diff) |
Fix handling of X-Forwarded-For header with multiple addresses (#1489481)
Diffstat (limited to 'program/lib')
-rw-r--r-- | program/lib/Roundcube/rcube_utils.php | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/program/lib/Roundcube/rcube_utils.php b/program/lib/Roundcube/rcube_utils.php index db41a6e86..fb5a8100d 100644 --- a/program/lib/Roundcube/rcube_utils.php +++ b/program/lib/Roundcube/rcube_utils.php @@ -680,9 +680,17 @@ class rcube_utils */ public static function remote_addr() { - foreach (array('HTTP_X_FORWARDED_FOR','HTTP_X_REAL_IP','REMOTE_ADDR') as $prop) { - if (!empty($_SERVER[$prop])) - return $_SERVER[$prop]; + if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { + $hosts = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR'], 2); + return $hosts[0]; + } + + if (!empty($_SERVER['HTTP_X_REAL_IP'])) { + return $_SERVER['HTTP_X_REAL_IP']; + } + + if (!empty($_SERVER['REMOTE_ADDR'])) { + return $_SERVER['REMOTE_ADDR']; } return ''; |