Merge pull request #1090 from rastating/bug/fix-brute-force-vulnerability
Remove use of headers that can be used to bypass anti-brute force controls
This commit is contained in:
commit
bee66af492
@ -107,13 +107,6 @@ class Security extends dbJSON
|
||||
|
||||
public function getUserIp()
|
||||
{
|
||||
if (getenv('HTTP_X_FORWARDED_FOR')) {
|
||||
$ip = getenv('HTTP_X_FORWARDED_FOR');
|
||||
} elseif (getenv('HTTP_CLIENT_IP')) {
|
||||
$ip = getenv('HTTP_CLIENT_IP');
|
||||
} else {
|
||||
$ip = getenv('REMOTE_ADDR');
|
||||
}
|
||||
return $ip;
|
||||
return getenv('REMOTE_ADDR');
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user