AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update how functions.php gets the remote IP address for logging 

- Builds on PR #1210 to always get the leftmost IP address
- Cloudflare (HTTP_CF_CONNECTING_IP) must now be explicitly defined, otherwise people could add the HTTP_CF_CONNECTING_IP header to a non-Cloudflare host and spoof IPs
- Tidy up the if/else logic a little
This commit is contained in:
wrongecho 2025-06-10 09:03:00 +01:00
parent d79a17adb0
commit f2bbc170da
1 changed files with 11 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
functions.php
View File

@ -77,17 +77,21 @@ function getUserAgent() {
}
function getIP() {
if (defined("CONST_GET_IP_METHOD")) {
if (CONST_GET_IP_METHOD == "HTTP_X_FORWARDED_FOR") {
$ip = getenv('HTTP_X_FORWARDED_FOR');
} else {
$ip = $_SERVER["HTTP_CF_CONNECTING_IP"] ?? $_SERVER['REMOTE_ADDR'];
}
} else {
// Default way to get IP
$ip = $_SERVER['REMOTE_ADDR'];
// Allow overrides via config.php in-case we use a proxy - https://docs.itflow.org/config_php
if (defined("CONST_GET_IP_METHOD") && CONST_GET_IP_METHOD == "HTTP_X_FORWARDED_FOR") {
$ip = explode(',', getenv('HTTP_X_FORWARDED_FOR'))[0] ?? $_SERVER['REMOTE_ADDR'];;
} elseif (defined("CONST_GET_IP_METHOD") && CONST_GET_IP_METHOD == "HTTP_CF_CONNECTING_IP") {
$ip = $_SERVER["HTTP_CF_CONNECTING_IP"] ?? $_SERVER['REMOTE_ADDR'];
}
// Abort if something isn't right
if (!filter_var($ip, FILTER_VALIDATE_IP)) {
error_log("ITFlow - Could not validate remote IP address");
error_log("ITFlow - IP was [$ip] using method " . CONST_GET_IP_METHOD);
exit("Potential Security Violation");
}