Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

Accounting for HTTP_X_FORWARDED_FOR when getting REMOTE_ADDR #461

Merged
merged 1 commit into from

2 participants

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
This page is out of date. Refresh to see the latest.
Showing with 25 additions and 1 deletion.
  1. +6 −1 action/Request.php
  2. +19 −0 tests/cases/action/RequestTest.php
View
7 action/Request.php
@@ -246,7 +246,12 @@ public function env($key) {
$this->_env[$key] = $val;
if ($key == 'REMOTE_ADDR') {
- $val = ($addr = $this->env('HTTP_PC_REMOTE_ADDR')) ? $addr : $val;
+ foreach(array('HTTP_X_FORWARDED_FOR', 'HTTP_PC_REMOTE_ADDR') as $altKey) {
+ if ($addr = $this->env($altKey)) {
+ $val = $addr;
+ break;
+ }
+ }
}
if ($val !== null && $val !== false && $key !== 'HTTPS') {
View
19 tests/cases/action/RequestTest.php
@@ -122,6 +122,25 @@ public function testHttpsFromScriptUri() {
public function testRemoteAddr() {
$request = new Request(array('env' => array('REMOTE_ADDR' => '123.456.789.000')));
$this->assertEqual('123.456.789.000', $request->env('REMOTE_ADDR'));
+
+ $request = new Request(array('env' => array(
+ 'REMOTE_ADDR' => '123.456.789.000',
+ 'HTTP_X_FORWARDED_FOR' => '111.222.333.444'
+ )));
+ $this->assertEqual('111.222.333.444', $request->env('REMOTE_ADDR'));
+
+ $request = new Request(array('env' => array(
+ 'REMOTE_ADDR' => '123.456.789.000',
+ 'HTTP_PC_REMOTE_ADDR' => '222.333.444.555'
+ )));
+ $this->assertEqual('222.333.444.555', $request->env('REMOTE_ADDR'));
+
+ $request = new Request(array('env' => array(
+ 'REMOTE_ADDR' => '123.456.789.000',
+ 'HTTP_X_FORWARDED_FOR' => '111.222.333.444',
+ 'HTTP_PC_REMOTE_ADDR' => '222.333.444.555'
+ )));
+ $this->assertEqual('111.222.333.444', $request->env('REMOTE_ADDR'));
}
public function testRemoteAddrFromHttpPcRemoteAddr() {
Something went wrong with that request. Please try again.