diff options
author | Andrejs Griščenko <andrejs.griscenko@zabbix.com> | 2022-11-07 17:03:56 +0300 |
---|---|---|
committer | Andrejs Griščenko <andrejs.griscenko@zabbix.com> | 2022-11-07 17:03:56 +0300 |
commit | 50668e9d64af32cdc67a45082c556699ff86565e (patch) | |
tree | f36786f5189123e74fd26821d5c248185be03c9d | |
parent | ffca02e387c5e2039e21384c6bd9c3dbd0862188 (diff) | |
parent | 4cbc81c663b5e942d98750ca41e2f11b0eb9226e (diff) |
..F....... [DEV-2301] fixed spoofing X-Forwarded-For request header allows to access Frontend in maintenace mode
* commit '4cbc81c663b5e942d98750ca41e2f11b0eb9226e':
..F....... [DEV-2301] fixed spoofing X-Forwarded-For request header allows to access Frontend in maintenace mode
-rw-r--r-- | ui/include/classes/user/CWebUser.php | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/ui/include/classes/user/CWebUser.php b/ui/include/classes/user/CWebUser.php index 743b0a572e9..2a3f2285968 100644 --- a/ui/include/classes/user/CWebUser.php +++ b/ui/include/classes/user/CWebUser.php @@ -261,13 +261,11 @@ class CWebUser { } /** - * Get user ip address. + * Get user IP address. * * @return string */ public static function getIp(): string { - return (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER) && $_SERVER['HTTP_X_FORWARDED_FOR'] !== '') - ? $_SERVER['HTTP_X_FORWARDED_FOR'] - : $_SERVER['REMOTE_ADDR']; + return $_SERVER['REMOTE_ADDR']; } } |