From: Brion Vibber
Date: Sat, 31 Jan 2004 05:17:54 +0000 (+0000)
Subject: Only check X-Forwarded-For if we're in squid mode. It's easy to forge an IP address...
X-Git-Tag: 1.3.0beta1~1054
X-Git-Url: http://git.cyclocoop.org/%24self?a=commitdiff_plain;h=f8a0e5f9399b3257b5a2f3ff74c3936f3687256e;p=lhc%2Fweb%2Fwiklou.git
Only check X-Forwarded-For if we're in squid mode. It's easy to forge an IP address this way if going to a server that's not behind a local reverse proxy.
---
diff --git a/includes/Setup.php b/includes/Setup.php
index 4a210d356e..2149dce12f 100644
--- a/includes/Setup.php
+++ b/includes/Setup.php
@@ -20,11 +20,12 @@ if ( $wgProfiling and (0 == rand() % $wgProfileSampleRate ) ) {
 /* collect the originating ips */
-if ($_SERVER["HTTP_X_FORWARDED_FOR"]) {
- $wgIP = trim(preg_replace("/^(.*, )?([^,]+)$/", "$2",
- $_SERVER['HTTP_X_FORWARDED_FOR']));
-} else {
- $wgIP = getenv("REMOTE_ADDR");
+$wgIP = getenv("REMOTE_ADDR");
+if( $wgUseSquid && isset( $_SERVER["HTTP_X_FORWARDED_FOR"] ) ) {
+ # If the web server is behind a reverse proxy, we need to find
+ # out where our requests are really coming from.
+ $wgIP = trim( preg_replace( "/^(.*, )?([^,]+)$/", "$2",
+ $_SERVER['HTTP_X_FORWARDED_FOR'] ) );
 }
 $fname = "Setup.php";
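Review bot: The new `$wgUseSquid` guard still accepts X-Forwarded-For from any peer, so if the web server can be reached without going through the reverse proxy, the header is as forgeable as before. The condition should also require that `REMOTE_ADDR` is one of the site's own proxies, e.g. `if( $wgUseSquid && in_array( $wgIP, $trustedProxies ) && isset( $_SERVER["HTTP_X_FORWARDED_FOR"] ) ) {`, where `$trustedProxies` is a placeholder for the configured proxy address list. The extracted value is also assigned to `$wgIP` without checking that it is a well-formed address: a header whose entries are not separated by ", " does not match the regex and is passed through unchanged, so a validity check that falls back to `REMOTE_ADDR` would keep malformed text out of `$wgIP`. The comment in the block could also state that only the last entry, the one appended by the nearest proxy, is used.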