r31k
/
bludit
2
0
Fork 0
Code Issues 1 Pull Requests Releases Wiki Activity

Merge pull request #1090 from rastating/bug/fix-brute-force-vulnerability 

Remove use of headers that can be used to bypass anti-brute force controls
This commit is contained in:
Diego Najar 2019-10-05 19:59:34 +02:00 committed by GitHub
parent da94b43e84 b5afd44195
commit bee66af492
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
bl-kernel/security.class.php
View File

@ -107,13 +107,6 @@ class Security extends dbJSON
public function getUserIp()
{
if (getenv('HTTP_X_FORWARDED_FOR')) {
$ip = getenv('HTTP_X_FORWARDED_FOR');
} elseif (getenv('HTTP_CLIENT_IP')) {
$ip = getenv('HTTP_CLIENT_IP');
} else {
$ip = getenv('REMOTE_ADDR');
}
return $ip;
return getenv('REMOTE_ADDR');
}
}