Merge pull request #1090 from rastating/bug/fix-brute-force-vulnerability

Remove use of headers that can be used to bypass anti-brute force controls
Diego Najar 2019-10-05 19:59:34 +02:00 committed by GitHub
commit bee66af492
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 8 deletions


@ -107,13 +107,6 @@ class Security extends dbJSON
public function getUserIp() public function getUserIp()
{ {
if (getenv('HTTP_X_FORWARDED_FOR')) { return getenv('REMOTE_ADDR');
$ip = getenv('HTTP_X_FORWARDED_FOR');
} elseif (getenv('HTTP_CLIENT_IP')) {
$ip = getenv('HTTP_CLIENT_IP');
} else {
$ip = getenv('REMOTE_ADDR');
}
return $ip;
} }
} }
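Review bot: The new body of getUserIp(), `return getenv('REMOTE_ADDR');`, carries no comment explaining why the forwarded headers are ignored, so a later change could reintroduce them. I would add above the return: `// Client-supplied headers (X-Forwarded-For, Client-IP) are deliberately not consulted: the client controls them, so they would let it evade the brute-force counter.` Two caveats are worth documenting in the same place. First, getenv() returns `false` when the variable is unset, so callers (outside this hunk) should presumably treat a non-string result as "unknown" rather than as a key. Second, behind a reverse proxy every visitor arrives with the proxy's address and would share one counter, if the counters are keyed on this value as the commit title suggests. If proxy deployments need to be supported, a forwarded header should be honoured only when REMOTE_ADDR matches an explicitly configured trusted proxy, never unconditionally.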