Accounting for HTTP_X_FORWARDED_FOR when getting REMOTE_ADDR

UnionOfRAD · May 15, 2012 · a8a667b · a8a667b
1 parent 986c4c7
commit a8a667b
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 1 deletion.
diff --git a/action/Request.php b/action/Request.php
@@ -246,7 +246,12 @@ public function env($key) {
 		$this->_env[$key] = $val;
 
 		if ($key == 'REMOTE_ADDR') {
-			$val = ($addr = $this->env('HTTP_PC_REMOTE_ADDR')) ? $addr : $val;
+			foreach(array('HTTP_X_FORWARDED_FOR', 'HTTP_PC_REMOTE_ADDR') as $altKey) {
+				if ($addr = $this->env($altKey)) {
+					$val = $addr;
+					break;
+				}
+			}
 		}
 
 		if ($val !== null && $val !== false && $key !== 'HTTPS') {

diff --git a/tests/cases/action/RequestTest.php b/tests/cases/action/RequestTest.php
@@ -122,6 +122,25 @@ public function testHttpsFromScriptUri() {
 	public function testRemoteAddr() {
 		$request = new Request(array('env' => array('REMOTE_ADDR' => '123.456.789.000')));
 		$this->assertEqual('123.456.789.000', $request->env('REMOTE_ADDR'));
+
+		$request = new Request(array('env' => array(
+			'REMOTE_ADDR' => '123.456.789.000',
+			'HTTP_X_FORWARDED_FOR' => '111.222.333.444'
+		)));
+		$this->assertEqual('111.222.333.444', $request->env('REMOTE_ADDR'));
+
+		$request = new Request(array('env' => array(
+			'REMOTE_ADDR' => '123.456.789.000',
+			'HTTP_PC_REMOTE_ADDR' => '222.333.444.555'
+		)));
+		$this->assertEqual('222.333.444.555', $request->env('REMOTE_ADDR'));
+
+		$request = new Request(array('env' => array(
+			'REMOTE_ADDR' => '123.456.789.000',
+			'HTTP_X_FORWARDED_FOR' => '111.222.333.444',
+			'HTTP_PC_REMOTE_ADDR' => '222.333.444.555'
+		)));
+		$this->assertEqual('111.222.333.444', $request->env('REMOTE_ADDR'));
 	}
 
 	public function testRemoteAddrFromHttpPcRemoteAddr() {