diff options
| author | Aleksander Machniak <alec@alec.pl> | 2019-12-07 11:34:15 +0300 |
|---|---|---|
| committer | Aleksander Machniak <alec@alec.pl> | 2019-12-07 11:34:15 +0300 |
| commit | 0b45c3c6b0b5c8f791f69c6a42411e433c3e9e8f (patch) | |
| tree | db30e6dafaf65331f6872667103fa2c041ddf2f0 /program | |
| parent | df7b76b0234a037be6a926a7e5c9ff73e11fd4a1 (diff) | |
Fix matching multiple X-Forwarded-For addresses with 'proxy_whitelist' (#7107)
Diffstat (limited to 'program')
| -rw-r--r-- | program/lib/Roundcube/rcube_utils.php | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/program/lib/Roundcube/rcube_utils.php b/program/lib/Roundcube/rcube_utils.php index 2000d5a03..e75e94c58 100644 --- a/program/lib/Roundcube/rcube_utils.php +++ b/program/lib/Roundcube/rcube_utils.php @@ -687,6 +687,7 @@ class rcube_utils if (in_array($_SERVER['REMOTE_ADDR'], $proxy_whitelist)) { if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { foreach (array_reverse(explode(',', $_SERVER['HTTP_X_FORWARDED_FOR'])) as $forwarded_ip) { + $forwarded_ip = trim($forwarded_ip); if (!in_array($forwarded_ip, $proxy_whitelist)) { return $forwarded_ip; } |