Permalink
Browse files

[#25161833] Clean up IP address parsing

If there's more than one proxy standing between the client
and Koha's web server, the HTTP_X_FORWARDED_FOR header may
contain more than one IP address. C4::Branch::GetBranchByIp
was not prepared for this condition, and it would cause an
exception.

There are also some proxies which insert a non-IP value into
the HTTP_X_FORWARDED_FOR header (e.g. "unknown") to
protect privacy or who knows why. This would bunge up
Koha's IP detection. This patch looks for something that
looks like a good address, then if all else fails it
resorts to reporting that the client is not in any branch.
  • Loading branch information...
1 parent 92058c6 commit bfdeec39efbceda77fd2df3edd4b24daec0dec72 @ctfliblime ctfliblime committed Feb 19, 2012
Showing with 8 additions and 7 deletions.
  1. +1 −4 C4/Auth.pm
  2. +7 −3 C4/Branch.pm
View
5 C4/Auth.pm
@@ -1593,10 +1593,7 @@ sub getborrowernumber {
sub IsIpInLibrary {
my $params = shift;
- my $client_ip = $params->{ip}
- // $ENV{HTTP_X_FORWARDED_FOR}
- // $ENV{REMOTE_ADDR};
- return (C4::Branch::GetBranchByIp($client_ip) eq $params->{branchcode}) ? 1 : 0;
+ return (C4::Branch::GetBranchByIp($params->{ip}) eq $params->{branchcode}) ? 1 : 0;
}
sub _uniq {
View
10 C4/Branch.pm
@@ -19,6 +19,7 @@ package C4::Branch;
use strict;
use warnings;
use Carp;
+use List::Util qw(first);
use List::MoreUtils qw(uniq);
use Net::IP;
@@ -607,10 +608,13 @@ sub GetBranchCodeFromName {
#
# Returns the branches.branchcode for the first match or undef if no match.
sub GetBranchByIp {
- my $client_ip = Net::IP->new(shift
+ my $raw = shift
// $ENV{HTTP_X_FORWARDED_FOR}
- // $ENV{REMOTE_ADDR});
-
+ // $ENV{REMOTE_ADDR};
+ $raw = first {/^[0-9]/} split /[^0-9.]+/, $raw;
+ my $client_ip = Net::IP->new($raw);
+ return undef unless $client_ip;
+
for my $branch (values %{GetBranches()}) {
next unless $branch->{branchip};
my $raw = $branch->{branchip};

0 comments on commit bfdeec3

Please sign in to comment.