lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-17 01:54:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

(captiveportal, new) only accept X-Forwarded-For from localhost, thanks @fabianfrz

Browse Source
This commit is contained in:
Ad Schellevis 2015-09-30 17:39:51 +00:00
parent 96b033104d
commit 7c39adf71a
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/opnsense/mvc/app/controllers/OPNsense/CaptivePortal/Api/AccessController.php
View File

@ -73,7 +73,8 @@ class AccessController extends ApiControllerBase
private function getClientIp()
{
// determine orginal sender of this request
if ($this->request->getHeader('X-Forwarded-For') != "") {
$trusted_proxy = array("127.0.0.1");
if ($this->request->getHeader('X-Forwarded-For') != "" && in_array($this->request->getClientAddress(), $trusted_proxy) ) {
// use X-Forwarded-For header to determine real client
return $this->request->getHeader('X-Forwarded-For');
} else {