Merge pull request #21653 from nextcloud/bugfix/noid/fix-ipv6-remote-addresses-from-x-forwarded-for-header

Fix IPv6 remote addresses from X_FORWARDED_FOR headers before validating
author: Roeland Jago Douma <rullzer@users.noreply.github.com> 2020-07-02 12:01:24 +0200
committer: GitHub <noreply@github.com> 2020-07-02 12:01:24 +0200
commit: 0ac3a65f627fab0e5010af4c496410441e47aed4 (patch)
tree: bffd04a96e36321dd9e1ef6b8b9ff35317447f20 /lib
parent: 47a21fad8cb4aecf24521ba6e46ad104378b277d (diff)
parent: 74a9cadc501791eaa42b43a7e66eb23a31b2135f (diff)
download: nextcloud-server-0ac3a65f627fab0e5010af4c496410441e47aed4.tar.gz
nextcloud-server-0ac3a65f627fab0e5010af4c496410441e47aed4.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/private/AppFramework/Http/Request.php b/lib/private/AppFramework/Http/Request.php
index 12748e0dd62..6428f7116b0 100644
--- a/lib/private/AppFramework/Http/Request.php
+++ b/lib/private/AppFramework/Http/Request.php
@@ -653,6 +653,12 @@ class Request implements \ArrayAccess, \Countable, IRequest {
 				if (isset($this->server[$header])) {
 					foreach (explode(',', $this->server[$header]) as $IP) {
 						$IP = trim($IP);
+
+						// remove brackets from IPv6 addresses
+						if (strpos($IP, '[') === 0 && substr($IP, -1) === ']') {
+							$IP = substr($IP, 1, -1);
+						}
+
 						if (filter_var($IP, FILTER_VALIDATE_IP) !== false) {
 							return $IP;
 						}
author	Roeland Jago Douma <rullzer@users.noreply.github.com>	2020-07-02 12:01:24 +0200
committer	GitHub <noreply@github.com>	2020-07-02 12:01:24 +0200
commit	0ac3a65f627fab0e5010af4c496410441e47aed4 (patch)
tree	bffd04a96e36321dd9e1ef6b8b9ff35317447f20 /lib
parent	47a21fad8cb4aecf24521ba6e46ad104378b277d (diff)
parent	74a9cadc501791eaa42b43a7e66eb23a31b2135f (diff)
download	nextcloud-server-0ac3a65f627fab0e5010af4c496410441e47aed4.tar.gz nextcloud-server-0ac3a65f627fab0e5010af4c496410441e47aed4.zip