Permalink
Browse files

Implementing $safe mode for RequestHandlerComponent::getClientIP(), w…

…hich ignores HTTP_X_FORWARDED_FOR, fixes #5842

git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@7957 3807eeeb-6ff5-0310-8944-8be069107fe0
  • Loading branch information...
1 parent c60e624 commit b2b46c3fa4b9238c738e1eea2b94b88eb0f04dad @nateabele nateabele committed Dec 25, 2008
@@ -401,8 +401,8 @@ function getReferrer() {
* @return string Client IP address
* @access public
*/
- function getClientIP() {
- if (env('HTTP_X_FORWARDED_FOR') != null) {
+ function getClientIP($safe = true) {
+ if (!$safe && env('HTTP_X_FORWARDED_FOR') != null) {
$ipaddr = preg_replace('/(?:,.*)/', '', env('HTTP_X_FORWARDED_FOR'));
} else {
if (env('HTTP_CLIENT_IP') != null) {
@@ -432,7 +432,8 @@ function testClientProperties() {
$_SERVER['HTTP_X_FORWARDED_FOR'] = '192.168.1.5, 10.0.1.1, proxy.com';
$_SERVER['HTTP_CLIENT_IP'] = '192.168.1.2';
$_SERVER['REMOTE_ADDR'] = '192.168.1.3';
- $this->assertEqual($this->RequestHandler->getClientIP(), '192.168.1.5');
+ $this->assertEqual($this->RequestHandler->getClientIP(false), '192.168.1.5');
+ $this->assertEqual($this->RequestHandler->getClientIP(), '192.168.1.2');
unset($_SERVER['HTTP_X_FORWARDED_FOR']);
$this->assertEqual($this->RequestHandler->getClientIP(), '192.168.1.2');

0 comments on commit b2b46c3

Please sign in to comment.