mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-12-22 23:00:56 +01:00
remove all private IP addresses from X-Forwarded-For header, not just 10.0.0.0/8
parent
64fd769586
commit
ce5e30dc4c
@ -1607,7 +1607,7 @@ class Session
|
||||
{
|
||||
if (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
|
||||
{
|
||||
$forwarded_for = preg_replace('/, *10\..*$/', '', $_SERVER['HTTP_X_FORWARDED_FOR']);
|
||||
$forwarded_for = preg_replace('/, *(192\.168|172\.(1[6789]|2[0-9]|3[01])|10)\..*$/', '', $_SERVER['HTTP_X_FORWARDED_FOR']);
|
||||
if (preg_match(self::IP_REGEXP, $forwarded_for))
|
||||
{
|
||||
return $forwarded_for;
|
||||
@ -2193,4 +2193,4 @@ class Session
|
||||
'notification_heartbeat > '.self::heartbeat_limit(),
|
||||
), __LINE__, __FILE__)->fetchColumn();
|
||||
}
|
||||
}
|
||||
}
|
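Review bot: The widened pattern on the `preg_replace` line still covers only the three RFC 1918 IPv4 blocks, so loopback, link-local and IPv6 private addresses in `X-Forwarded-For` pass through, and a private address in the first position (no leading comma) is never stripped. The header is also client-supplied, and what survives the stripping is the left-most entry, which is the one a client can set freely. If the returned value feeds session IP binding or login blocking (the callers are outside this hunk), the header should only be honoured when `REMOTE_ADDR` is a known reverse proxy. I would validate each hop with `filter_var()` and `FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE` instead of growing the regex, and take the public entry nearest the proxy, as sketched below. The enclosing method starts and ends outside the hunk, so the fallback when nothing matches is not visible here.

```php
// … unchanged: !empty($_SERVER['HTTP_X_FORWARDED_FOR']) guard …
$hops = array_map('trim', explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']));
// walk from the proxy-nearest entry and skip private/reserved hops (IPv4 and IPv6)
foreach (array_reverse($hops) as $hop)
{
    if (filter_var($hop, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE))
    {
        return $hop;
    }
}
// … unchanged: fallback after the X-Forwarded-For branch …
```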