refs #8030 added a comment that this code may be buggy

matomo-org · Aug 12, 2015 · 7d8211f · 7d8211f
1 parent 85e2e53
commit 7d8211f
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/core/IP.php b/core/IP.php
@@ -83,6 +83,9 @@ public static function getNonProxyIpFromHeader($default, $proxyHeaders)
         // examine proxy headers
         foreach ($proxyHeaders as $proxyHeader) {
             if (!empty($_SERVER[$proxyHeader])) {
+                // this may be buggy if someone has proxy IPs and proxy host headers configured as
+                // `$_SERVER[$proxyHeader]` could be eg $_SERVER['HTTP_X_FORWARDED_HOST'] and
+                // include an actual host name, not an IP
                 $proxyIp = self::getLastIpFromList($_SERVER[$proxyHeader], $proxyIps);
                 if (strlen($proxyIp) && stripos($proxyIp, 'unknown') === false) {
                     return $proxyIp;