summaryrefslogtreecommitdiff
path: root/program/lib
diff options
context:
space:
mode:
authorAleksander Machniak <alec@alec.pl>2013-12-17 09:21:05 +0100
committerAleksander Machniak <alec@alec.pl>2013-12-17 09:21:05 +0100
commita520f331c16fc703cc92d5b9853fb91805f82305 (patch)
treef2d28e85b2bfa09a1080577e084c8c50b5c58ae8 /program/lib
parent7b1969ad609a0fe94534bc33453bd20f5796e2a6 (diff)
Fix handling of X-Forwarded-For header with multiple addresses (#1489481)
Diffstat (limited to 'program/lib')
-rw-r--r--program/lib/Roundcube/rcube_utils.php14
1 files changed, 11 insertions, 3 deletions
diff --git a/program/lib/Roundcube/rcube_utils.php b/program/lib/Roundcube/rcube_utils.php
index db41a6e86..fb5a8100d 100644
--- a/program/lib/Roundcube/rcube_utils.php
+++ b/program/lib/Roundcube/rcube_utils.php
@@ -680,9 +680,17 @@ class rcube_utils
*/
public static function remote_addr()
{
- foreach (array('HTTP_X_FORWARDED_FOR','HTTP_X_REAL_IP','REMOTE_ADDR') as $prop) {
- if (!empty($_SERVER[$prop]))
- return $_SERVER[$prop];
+ if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
+ $hosts = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR'], 2);
+ return $hosts[0];
+ }
+
+ if (!empty($_SERVER['HTTP_X_REAL_IP'])) {
+ return $_SERVER['HTTP_X_REAL_IP'];
+ }
+
+ if (!empty($_SERVER['REMOTE_ADDR'])) {
+ return $_SERVER['REMOTE_ADDR'];
}
return '';