* Most presentational html attributes like valign are now converted to inline
css style rules. These attributes were removed from html5 and so we clean them up
when $wgHtml5 is enabled. This can be disabled using $wgCleanupPresentationalAttributes.
+* When MediaWiki is being run behind a proxy, the X-Real-IP header is now also checked
+ to determine the client's actual IP address.
=== Bug fixes in 1.19 ===
* $wgUploadNavigationUrl should be used for file redlinks if
/**
* Extracts the XFF string from the request header
- * Checks first for "X-Forwarded-For", then "Client-ip"
+ * Checks first for "X-Forwarded-For", then "Client-ip", then "X-Real-IP"
* Note: headers are spoofable
* @return string
*/
}
$index = strtoupper ( 'X-Forwarded-For' );
$index2 = strtoupper ( 'Client-ip' );
+ $index3 = strtoupper ( 'X-Real-IP' );
} else {
// Subject to spoofing with headers like X_Forwarded_For
$set = $_SERVER;
$index = 'HTTP_X_FORWARDED_FOR';
$index2 = 'CLIENT-IP';
+ $index3 = 'HTTP_X_REAL_IP';
}
#Try a couple of headers
return $set[$index];
} elseif( isset( $set[$index2] ) ) {
return $set[$index2];
+ } elseif( isset( $set[$index3] ) ) {
+ return $set[$index3];
} else {
return null;
}