diff options
| author | Clark Tomlinson <fallen013@gmail.com> | 2014-08-27 10:32:34 -0400 |
|---|---|---|
| committer | Clark Tomlinson <fallen013@gmail.com> | 2014-08-27 10:32:34 -0400 |
| commit | cb0da1178b0872988582ee5fbf6b5b1cb5ea2527 (patch) | |
| tree | 99f1cf9c15cb69e15d7347a35220157be77b40f2 /lib/private | |
| parent | 13012fb5f77baac8be21cb91cd84312e61a288e5 (diff) | |
| parent | 7acdd018a1555c9bc5dcc1702074a10f862bb170 (diff) | |
| download | nextcloud-server-cb0da1178b0872988582ee5fbf6b5b1cb5ea2527.tar.gz nextcloud-server-cb0da1178b0872988582ee5fbf6b5b1cb5ea2527.zip | |
Merge pull request #10653 from owncloud/x-forwarded-for
Add support for getting the real client IP behind proxies
Diffstat (limited to 'lib/private')
| -rw-r--r-- | lib/private/allconfig.php | 2 | ||||
| -rwxr-xr-x | lib/private/request.php | 28 |
2 files changed, 29 insertions, 1 deletions
diff --git a/lib/private/allconfig.php b/lib/private/allconfig.php index eb114546010..ef8673af231 100644 --- a/lib/private/allconfig.php +++ b/lib/private/allconfig.php @@ -28,7 +28,7 @@ class AllConfig implements \OCP\IConfig { * * @param string $key the key of the value, under which it was saved * @param mixed $default the default value to be returned if the value isn't set - * @return string the saved value + * @return mixed the value or $default */ public function getSystemValue($key, $default = '') { return \OCP\Config::getSystemValue($key, $default); diff --git a/lib/private/request.php b/lib/private/request.php index 5fd5b3a7197..b063c1f5967 100755 --- a/lib/private/request.php +++ b/lib/private/request.php @@ -16,6 +16,34 @@ class OC_Request { const REGEX_LOCALHOST = '/^(127\.0\.0\.1|localhost)(:[0-9]+|)$/'; /** + * Returns the remote address, if the connection came from a trusted proxy and `forwarded_for_headers` has been configured + * then the IP address specified in this header will be returned instead. + * Do always use this instead of $_SERVER['REMOTE_ADDR'] + * @return string IP address + */ + public static function getRemoteAddress() { + $remoteAddress = $_SERVER['REMOTE_ADDR']; + $trustedProxies = \OC::$server->getConfig()->getSystemValue('trusted_proxies', array()); + + if(is_array($trustedProxies) && in_array($remoteAddress, $trustedProxies)) { + $forwardedForHeaders = \OC::$server->getConfig()->getSystemValue('forwarded_for_headers', array()); + + foreach($forwardedForHeaders as $header) { + if (array_key_exists($header, $_SERVER) === true) { + foreach (explode(',', $_SERVER[$header]) as $IP) { + $IP = trim($IP); + if (filter_var($IP, FILTER_VALIDATE_IP) !== false) { + return $IP; + } + } + } + } + } + + return $remoteAddress; + } + + /** * Check overwrite condition * @param string $type * @return bool |