Fixed #018555: Debug by ip not usable if being a proxy

[alafon]

• I first implemented the logic in the eZDebug::isAllowedByCurrentIP() method itself, but after reading a comment in a related issue of 018555, I decided to add a clientIP() method to eZSys in order to make the job.
• I chose not to hard code the header name in the method because, even if commonly used by Squid and other proxy, X-Forwarded-For is not mentioned in any RFC (yet?).

[dpobel]

Nice pull request Arnaud :-)
+1 for me. (nitpick: I would have done it with only one new INI settings that could contains the custom header to look for and if it's empty, use REMOTE_ADDR)

[alafon]

Thanks Damien.

nitpick: I would have done it with only one new INI settings that could contains the custom header to look for and if it's empty, use REMOTE_ADDR

It is done this way :)

[dpobel]

doh! sorry the example mislead me :-/

[alafon]

Done :

• method eZSys:clientIP() re-implemented as suggested by André
• site.ini updated
• doc updated

[andrerom]

Sorry for asking stuff on a closed pull request, but #112 made me think about the setting introduced here.
Is it really needed to be able to specific the header name?
Isn't it always X-Forward-For?

What I'm thinking about is to instead have a enable/disable setting(aka only enable if you trust the source setting these headers), and potentially also reuse it for things like X-Forward-Host used in hostname().

[alafon]

The problem is that during my investigation about X-Forward-For, I've discovered that it's not in any official RFC. You're right, it (the header name) is commonly used by technologies such as Varnish, so maybe we could hard code the header name... My though are that having X-Forward-For as a default parameter is ok, and being able to change it on demand is also a good feature since sometime eZ publish is behind homemade proxys (such as the big customer for whom I've implemented this).

[andrerom]

Yes, I see your point.
I'am just trying to keep number of settings down, and since these have always been hardcoded in the past (eg X-Forward-Host further up) and no one has complained about it, I thought we could simplify a bit before it ends up in a release :)

[alafon]

Alright.
Instead of using a setting, what about providing a way where anyone would be able to override the clientIP() function ?