- Patch #258397 by Dries: fixed spoofing attack.

merge-requests/26/head
Dries Buytaert 2008-07-04 22:54:09 +00:00
parent 1415340ce3
commit 2a34c23bc8
1 changed files with 17 additions and 14 deletions


@ -1175,7 +1175,9 @@ function ip_address($reset = false) {
if (!isset($ip_address) || $reset) { if (!isset($ip_address) || $reset) {
$ip_address = $_SERVER['REMOTE_ADDR']; $ip_address = $_SERVER['REMOTE_ADDR'];
if (variable_get('reverse_proxy', 0) && array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER)) {
if (variable_get('reverse_proxy', 0)) {
if (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER)) {
// If an array of known reverse proxy IPs is provided, then trust // If an array of known reverse proxy IPs is provided, then trust
// the XFF header if request really comes from one of them. // the XFF header if request really comes from one of them.
$reverse_proxy_addresses = variable_get('reverse_proxy_addresses', array()); $reverse_proxy_addresses = variable_get('reverse_proxy_addresses', array());
@ -1193,6 +1195,7 @@ function ip_address($reset = false) {
$ip_address = $_SERVER['HTTP_X_CLUSTER_CLIENT_IP']; $ip_address = $_SERVER['HTTP_X_CLUSTER_CLIENT_IP'];
} }
} }
}
return $ip_address; return $ip_address;
} }
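Review bot: The `$ip_address = $_SERVER['HTTP_X_CLUSTER_CLIENT_IP'];` assignment in the second hunk still takes a request header verbatim whenever `reverse_proxy` is on; it does not appear to be covered by the `reverse_proxy_addresses` check that the comment in the first hunk describes for X-Forwarded-For, though the lines between the two hunks are not shown and this should be confirmed. If that is the case, a site with `reverse_proxy` enabled whose web server is also reachable directly still lets the client decide the value ip_address() returns. I would read `$reverse_proxy_addresses` before the X-Forwarded-For test and gate the cluster header on it as well: `if (in_array($_SERVER['REMOTE_ADDR'], $reverse_proxy_addresses, TRUE) && array_key_exists('HTTP_X_CLUSTER_CLIENT_IP', $_SERVER)) {`. The body of ip_address() begins before the first hunk and continues between the hunks.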