From 4d480b36ea4b503ed997b1b9c60c433b5508e4aa Mon Sep 17 00:00:00 2001 From: Thomas Bruederli Date: Wed, 17 Jul 2013 08:04:15 +0200 Subject: Respect HTTP_X_FORWARDED_FOR and HTTP_X_REAL_IP variables for session IP check --- program/lib/Roundcube/rcube_session.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'program/lib/Roundcube/rcube_session.php') diff --git a/program/lib/Roundcube/rcube_session.php b/program/lib/Roundcube/rcube_session.php index 615ec6f0e..646933b71 100644 --- a/program/lib/Roundcube/rcube_session.php +++ b/program/lib/Roundcube/rcube_session.php @@ -54,7 +54,7 @@ class rcube_session { $this->db = $db; $this->start = microtime(true); - $this->ip = $_SERVER['REMOTE_ADDR']; + $this->ip = rcube_utils::remote_addr(); $this->logging = $config->get('log_session', false); $lifetime = $config->get('session_lifetime', 1) * 60; @@ -480,7 +480,7 @@ class rcube_session public function kill() { $this->vars = null; - $this->ip = $_SERVER['REMOTE_ADDR']; // update IP (might have changed) + $this->ip = rcube_utils::remote_addr(); // update IP (might have changed) $this->destroy(session_id()); rcube_utils::setcookie($this->cookiename, '-del-', time() - 60); } @@ -694,10 +694,10 @@ class rcube_session function check_auth() { $this->cookie = $_COOKIE[$this->cookiename]; - $result = $this->ip_check ? $_SERVER['REMOTE_ADDR'] == $this->ip : true; + $result = $this->ip_check ? rcube_utils::remote_addr() == $this->ip : true; if (!$result) { - $this->log("IP check failed for " . $this->key . "; expected " . $this->ip . "; got " . $_SERVER['REMOTE_ADDR']); + $this->log("IP check failed for " . $this->key . "; expected " . $this->ip . "; got " . rcube_utils::remote_addr()); } if ($result && $this->_mkcookie($this->now) != $this->cookie) { -- cgit v1.2.3