
getClientIp() will now only return valid IP addresses, rather than as…

…suming the X_FORWARDED_FOR is the first comma separated value.
1 parent 78747e6 commit 7b5328f1c7646aca01beed5f06155a65f1b60889 @neilferreira neilferreira committed May 31, 2012
Showing with 9 additions and 2 deletions.
  1. +9 −2 src/Symfony/Component/HttpFoundation/Request.php
@@ -546,9 +546,16 @@ public function getClientIp()
if ($this->server->has('HTTP_CLIENT_IP')) {
return $this->server->get('HTTP_CLIENT_IP');
} elseif ($this->server->has('HTTP_X_FORWARDED_FOR')) {
- $clientIp = explode(',', $this->server->get('HTTP_X_FORWARDED_FOR'), 2);
+ $clientIp = explode(',', $this->server->get('HTTP_X_FORWARDED_FOR'));
- return isset($clientIp[0]) ? trim($clientIp[0]) : '';
+ foreach ($clientIp as $ipAddress) {
+ $cleanIpAddress = trim($ipAddress);
+
+ if (false !== filter_var($cleanIpAddress, FILTER_VALIDATE_IP)) {
+ return $cleanIpAddress;
+ }
+ }
+ return '';
}
}
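Review bot: The `HTTP_CLIENT_IP` branch at the top of the hunk still returns the header value unchecked, so the method can return a non-IP string even with the new loop in place; the same guard belongs there, for example `$ip = trim($this->server->get('HTTP_CLIENT_IP'));` followed by `if (false !== filter_var($ip, FILTER_VALIDATE_IP)) { return $ip; }`. The loop also returns the leftmost valid entry of `HTTP_X_FORWARDED_FOR`, which is the part of the header the client supplies, since each proxy appends to the right. The result is therefore well-formed but not authenticated, and `FILTER_VALIDATE_IP` without flags also accepts private and reserved ranges. I would add a docblock line such as `// Well-formed but client-supplied: do not use for access control, rate limiting or audit attribution unless the request arrived via a known proxy.` The method starts and ends outside the hunk, so whether these branches are gated on a trusted-proxy setting cannot be confirmed from here.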
