Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

ensure Request::env('REMOTE_ADDR') consistently returns only one IP address #843

Merged
merged 1 commit into from

2 participants

@mikegreiling

In some environments, such as Orchestra.io's load-balanced nginx environment, $_SERVER['HTTP_X_FORWARDED_FOR'] will actually contain three IP addresses concatenated by comma+space.

When running Request::env('REMOTE_ADDR'), I'd like to reasonably expect that I'm only going to get the remote IP address of the client.

see stackoverflow.com and wikipedia.org

@nateabele nateabele merged commit 28a7312 into UnionOfRAD:dev

1 check passed

Details default The Travis build passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
This page is out of date. Refresh to see the latest.
Showing with 7 additions and 1 deletion.
  1. +1 −1  action/Request.php
  2. +6 −0 tests/cases/action/RequestTest.php
View
2  action/Request.php
@@ -248,7 +248,7 @@ public function env($key) {
$https = array('HTTP_X_FORWARDED_FOR', 'HTTP_PC_REMOTE_ADDR', 'HTTP_X_REAL_IP');
foreach ($https as $altKey) {
if ($addr = $this->env($altKey)) {
- $val = $addr;
+ list($val) = explode(', ', $addr);
break;
}
}
View
6 tests/cases/action/RequestTest.php
@@ -131,6 +131,12 @@ public function testRemoteAddr() {
$request = new Request(array('env' => array(
'REMOTE_ADDR' => '123.456.789.000',
+ 'HTTP_X_FORWARDED_FOR' => '333.222.444.111, 444.333.222.111, 255.255.255.255'
+ )));
+ $this->assertEqual('333.222.444.111', $request->env('REMOTE_ADDR'));
+
+ $request = new Request(array('env' => array(
+ 'REMOTE_ADDR' => '123.456.789.000',
'HTTP_PC_REMOTE_ADDR' => '222.333.444.555'
)));
$this->assertEqual('222.333.444.555', $request->env('REMOTE_ADDR'));
Something went wrong with that request. Please try again.