Ensure no leading or trailing whitespace on the remote_addr

If reading the remote_addr from X-Forwarded-For header, ensure that there is no leading or trailing whitespace. If ip_binding is enabled for staff sessions, this could cause unnecessary logouts

Ensure no leading or trailing whitespace on the remote_addr
If reading the remote_addr from X-Forwarded-For header, ensure that there is no leading or trailing whitespace. If ip_binding is enabled for staff sessions, this could cause unnecessary logouts
3e871610 · Jared Hancock · Peter Rotich · cca2e4dd · 3e871610
Commit 3e871610 authored 11 years ago by Jared Hancock Committed by Peter Rotich 11 years ago
--- a/main.inc.php
+++ b/main.inc.php
@@ -199,8 +199,10 @@
    define('TIMEZONE_TABLE',TABLE_PREFIX.'timezone');

    #Global overwrite
-    if($_SERVER['HTTP_X_FORWARDED_FOR']) //Can contain multiple IPs - use the last one.
-        $_SERVER['REMOTE_ADDR'] =  array_pop(explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']));
+    if (isset($_SERVER['HTTP_X_FORWARDED_FOR']))
+        // Take the left-most item for X-Forwarded-For
+        $_SERVER['REMOTE_ADDR'] = array_pop(
+            explode(',', trim($_SERVER['HTTP_X_FORWARDED_FOR'])));

    #Connect to the DB && get configuration from database
    $ferror=null;