use $_SERVER[HTTP_X_FORWARDED_FOR] IP for ACL check if set, if not use $_SERVER[REMOTE_ADDR]

This commit is contained in:
Ralf Becker 2016-11-09 22:17:07 +01:00
parent db9c65899e
commit b7c5ff7642

View File

@ -259,7 +259,8 @@ class setup
$auth_type = strtolower($_auth_type);
$GLOBALS['egw_info']['setup']['HeaderLoginMSG'] = $GLOBALS['egw_info']['setup']['ConfigLoginMSG'] = '';
if(!$this->checkip($_SERVER['REMOTE_ADDR']))
if(!$this->checkip(isset($_SERVER['HTTP_X_FORWARDED_FOR']) ?
$_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']))
{
//error_log(__METHOD__."('$auth_type') invalid IP");
return false;