Process X-Forwarded-For header in correct order #3095

Closed
wants to merge 2 commits into
from
View
2 library/Zend/Session/Validator/RemoteAddr.php
@@ -102,7 +102,7 @@ protected function getIpAddress()
// proxy IP address
if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) && $_SERVER['HTTP_X_FORWARDED_FOR']) {
$ips = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
- return trim($ips[0]);
+ return trim(end($ips));
}
}
View
2 tests/ZendTest/Session/Validator/RemoteAddrTest.php
@@ -106,7 +106,7 @@ public function testMultipleHttpXForwardedFor()
{
$this->backup();
$_SERVER['REMOTE_ADDR'] = '0.1.2.3';
- $_SERVER['HTTP_X_FORWARDED_FOR'] = '2.1.2.3, 1.1.2.3';
+ $_SERVER['HTTP_X_FORWARDED_FOR'] = '1.1.2.3, 2.1.2.3';
RemoteAddr::setUseProxy(true);
$validator = new RemoteAddr();
RemoteAddr::setUseProxy(false);