self-hosted/mailcow-dockerized
1
0
Fork 0
mirror of https://github.com/mailcow/mailcow-dockerized.git synced 2025-01-08 04:05:03 +02:00
Code Issues Releases Activity

[Web] Important fix: Ignore untrusted headers

Browse Source
This commit is contained in:
André 2018-08-17 22:32:42 +02:00
parent 6cee038a63
commit 3fd99e4f6d
1 changed files with 1 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
data/web/inc/prerequisites.inc.php
View File

@ -80,25 +80,7 @@ function get_remote_ip($anonymize = null) {
elseif ($anonymize !== true && $anonymize !== false) { elseif ($anonymize !== true && $anonymize !== false) {
$anonymize = true; $anonymize = true;
} }
$remote = '';
if ($_SERVER['HTTP_CLIENT_IP']) {
$remote = $_SERVER['HTTP_CLIENT_IP'];
}
elseif ($_SERVER['HTTP_X_FORWARDED_FOR']) {
$remote = $_SERVER['HTTP_X_FORWARDED_FOR'];
}
elseif ($_SERVER['HTTP_X_FORWARDED']) {
$remote = $_SERVER['HTTP_X_FORWARDED'];
}
elseif ($_SERVER['HTTP_FORWARDED_FOR']) {
$remote = $_SERVER['HTTP_FORWARDED_FOR'];
}
elseif ($_SERVER['HTTP_FORWARDED']) {
$remote = $_SERVER['HTTP_FORWARDED'];
}
elseif ($_SERVER['REMOTE_ADDR']) {
$remote = $_SERVER['REMOTE_ADDR']; $remote = $_SERVER['REMOTE_ADDR'];
}
if (filter_var($remote, FILTER_VALIDATE_IP) === false) { if (filter_var($remote, FILTER_VALIDATE_IP) === false) {
return '0.0.0.0'; return '0.0.0.0';
} }