diff options
| author | Mikael Peigney <Mika56@users.noreply.github.com> | 2024-02-05 12:41:28 +0100 |
|---|---|---|
| committer | Joas Schilling <coding@schilljs.com> | 2024-02-13 16:51:13 +0100 |
| commit | ffcadf25d4b4d4782d85541e329255ce8f6de759 (patch) | |
| tree | 4be981858afc7813797eac1c39be9d8af71b7297 /lib/private/AppFramework | |
| parent | 8822b16d37de1d1a3cec959d184261152c42ae41 (diff) | |
| download | nextcloud-server-ffcadf25d4b4d4782d85541e329255ce8f6de759.tar.gz nextcloud-server-ffcadf25d4b4d4782d85541e329255ce8f6de759.zip | |
fix(request): Handle reverse proxy setting a port in Forwarded-For
Signed-off-by: Mikael Peigney <Mika56@users.noreply.github.com>
Diffstat (limited to 'lib/private/AppFramework')
| -rw-r--r-- | lib/private/AppFramework/Http/Request.php | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/lib/private/AppFramework/Http/Request.php b/lib/private/AppFramework/Http/Request.php index 72ecffa773f..fc72a3f4525 100644 --- a/lib/private/AppFramework/Http/Request.php +++ b/lib/private/AppFramework/Http/Request.php @@ -607,10 +607,16 @@ class Request implements \ArrayAccess, \Countable, IRequest { if (isset($this->server[$header])) { foreach (array_reverse(explode(',', $this->server[$header])) as $IP) { $IP = trim($IP); - - // remove brackets from IPv6 addresses - if (str_starts_with($IP, '[') && str_ends_with($IP, ']')) { - $IP = substr($IP, 1, -1); + $colons = substr_count($IP, ':'); + if($colons > 1) { + // Extract IP from string with brackets and optional port + if(1 === preg_match('`^\[(.+?)\](?::\d+)?$`', $IP, $matches) && count($matches) === 1) { + $IP = $matches[0]; + } + } + elseif($colons === 1) { + // IPv4 with port + $IP = substr($IP, 0, strpos($IP, ':')); } if ($this->isTrustedProxy($trustedProxies, $IP)) { |