From f8a0e5f9399b3257b5a2f3ff74c3936f3687256e Mon Sep 17 00:00:00 2001
From: Brion Vibber
Date: Sat, 31 Jan 2004 05:17:54 +0000
Subject: [PATCH] Only check X-Forwarded-For if we're in squid mode. It's easy to forge an IP address this way if going to a server that's not behind a local reverse proxy.
---
 includes/Setup.php | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/includes/Setup.php b/includes/Setup.php
index 4a210d356e..2149dce12f 100644
--- a/includes/Setup.php
+++ b/includes/Setup.php
@@ -20,11 +20,12 @@ if ( $wgProfiling and (0 == rand() % $wgProfileSampleRate ) ) {
 /* collect the originating ips */
-if ($_SERVER["HTTP_X_FORWARDED_FOR"]) {
- $wgIP = trim(preg_replace("/^(.*, )?([^,]+)$/", "$2",
- $_SERVER['HTTP_X_FORWARDED_FOR']));
-} else {
- $wgIP = getenv("REMOTE_ADDR");
+$wgIP = getenv("REMOTE_ADDR");
+if( $wgUseSquid && isset( $_SERVER["HTTP_X_FORWARDED_FOR"] ) ) {
+ # If the web server is behind a reverse proxy, we need to find
+ # out where our requests are really coming from.
+ $wgIP = trim( preg_replace( "/^(.*, )?([^,]+)$/", "$2",
+ $_SERVER['HTTP_X_FORWARDED_FOR'] ) );
 }
 $fname = "Setup.php";
--
2.20.1
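Review bot: With `$wgUseSquid` enabled, the new `if` still accepts `X-Forwarded-For` from any peer, because it never checks that `REMOTE_ADDR` is one of the local proxies. If the backend can be reached without going through the proxy, the header is client-controlled and decides `$wgIP`. The guard should also require the connecting address to be a configured proxy, for example `in_array( getenv("REMOTE_ADDR"), $wgSquidServers )` added to the condition, assuming a proxy list such as `$wgSquidServers` is defined in this revision and already loaded at this point in Setup.php. Separately, the pattern only splits on `", "` (comma plus space), so a value written as `a,b` does not match and the whole header is copied into `$wgIP`. The extracted value should be checked to be a well-formed IP address, keeping `REMOTE_ADDR` when it is not, and the added comment could say that only the last entry of the header (the one appended by the nearest proxy) is used.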