Merge pull request #10653 from owncloud/x-forwarded-for

Add support for getting the real client IP behind proxies

4 files changed, 31 insertions, 3 deletions

diff --git a/lib/private/allconfig.php b/lib/private/allconfig.php
index eb114546010..ef8673af231 100644
--- a/lib/private/allconfig.php
+++ b/lib/private/allconfig.php
@@ -28,7 +28,7 @@ class AllConfig implements \OCP\IConfig {
 	 *
 	 * @param string $key the key of the value, under which it was saved
 	 * @param mixed $default the default value to be returned if the value isn't set
-	 * @return string the saved value
+	 * @return mixed the value or $default
 	 */
 	public function getSystemValue($key, $default = '') {
 		return \OCP\Config::getSystemValue($key, $default);
diff --git a/lib/private/request.php b/lib/private/request.php
index 5fd5b3a7197..b063c1f5967 100755
--- a/lib/private/request.php
+++ b/lib/private/request.php
@@ -16,6 +16,34 @@ class OC_Request {
 	const REGEX_LOCALHOST = '/^(127\.0\.0\.1|localhost)(:[0-9]+|)$/';
 
 	/**
+	 * Returns the remote address, if the connection came from a trusted proxy and `forwarded_for_headers` has been configured
+	 * then the IP address specified in this header will be returned instead.
+	 * Do always use this instead of $_SERVER['REMOTE_ADDR']
+	 * @return string IP address
+	 */
+	public static function getRemoteAddress() {
+		$remoteAddress = $_SERVER['REMOTE_ADDR'];
+		$trustedProxies = \OC::$server->getConfig()->getSystemValue('trusted_proxies', array());
+
+		if(is_array($trustedProxies) && in_array($remoteAddress, $trustedProxies)) {
+			$forwardedForHeaders = \OC::$server->getConfig()->getSystemValue('forwarded_for_headers', array());
+
+			foreach($forwardedForHeaders as $header) {
+				if (array_key_exists($header, $_SERVER) === true) {
+					foreach (explode(',', $_SERVER[$header]) as $IP) {
+						$IP = trim($IP);
+						if (filter_var($IP, FILTER_VALIDATE_IP) !== false) {
+							return $IP;
+						}
+					}
+				}
+			}
+		}
+
+		return $remoteAddress;
+	}
+
+	/**
 	 * Check overwrite condition
 	 * @param string $type
 	 * @return bool
diff --git a/lib/public/config.php b/lib/public/config.php
index ea3e0c1372a..65dde39cdce 100644
--- a/lib/public/config.php
+++ b/lib/public/config.php
@@ -43,7 +43,7 @@ class Config {
 	 * Gets a value from config.php
 	 * @param string $key key
 	 * @param mixed $default = null default value
-	 * @return string the value or $default
+	 * @return mixed the value or $default
 	 *
 	 * This function gets the value from config.php. If it does not exist,
 	 * $default will be returned.
diff --git a/lib/public/iconfig.php b/lib/public/iconfig.php
index d4a8cdc7381..4865f8bc85b 100644
--- a/lib/public/iconfig.php
+++ b/lib/public/iconfig.php
@@ -47,7 +47,7 @@ interface IConfig {
 	 *
 	 * @param string $key the key of the value, under which it was saved
 	 * @param string $default the default value to be returned if the value isn't set
-	 * @return string the saved value
+	 * @return mixed the value or $default
 	 */
 	public function getSystemValue($key, $default = '');