From 3e8716108ae529ef791bf09f2b82cc8b43a48779 Mon Sep 17 00:00:00 2001
From: Jared Hancock <jared@osticket.com>
Date: Tue, 13 Aug 2013 09:23:27 -0500
Subject: [PATCH] Ensure no leading or trailing whitespace on the remote_addr

When the remote_addr is read from the X-Forwarded-For header, ensure that it
has no leading or trailing whitespace. If ip_binding is enabled for staff
sessions, such whitespace could cause unnecessary logouts.
---
 main.inc.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/main.inc.php b/main.inc.php
index be0b6bfcf..b980d87ed 100644
--- a/main.inc.php
+++ b/main.inc.php
@@ -199,8 +199,10 @@
     define('TIMEZONE_TABLE',TABLE_PREFIX.'timezone');
 
     #Global overwrite
-    if($_SERVER['HTTP_X_FORWARDED_FOR']) //Can contain multiple IPs - use the last one.
-        $_SERVER['REMOTE_ADDR'] =  array_pop(explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']));
+    if (isset($_SERVER['HTTP_X_FORWARDED_FOR']))
+        // Take the left-most item for X-Forwarded-For
+        $_SERVER['REMOTE_ADDR'] = array_pop(
+            explode(',', trim($_SERVER['HTTP_X_FORWARDED_FOR'])));
 
     #Connect to the DB && get configuration from database
     $ferror=null;
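Review bot: The added `trim()` wraps the whole header before `explode()`, so for a multi-address value such as `a, b` the popped last element still carries its leading space; trim the popped element instead. The new comment says "left-most" while `array_pop()` returns the right-most item, so the comment and the code disagree. `array_pop(explode(...))` also passes a non-variable by reference, which raises a strict-standards notice. X-Forwarded-For is client-supplied and the visible lines overwrite REMOTE_ADDR unconditionally, so the entry should at least be validated as an IP before use, and ideally honoured only when the request arrives from a known proxy, since ip_binding depends on this value.

```php
    if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        // Can contain multiple IPs - use the last (right-most) one.
        $forwarded = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
        $candidate = trim(end($forwarded));
        // Keep the socket address unless the header entry is a well-formed IP
        if (filter_var($candidate, FILTER_VALIDATE_IP))
            $_SERVER['REMOTE_ADDR'] = $candidate;
    }
```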
-- 
GitLab