beenull/adminerevo
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Fix forwarded IP comparison in login-ip plugin

Browse source 
The issue described in #372 is the same for the HTTP_X_FORWARDED_FOR comparison. strncasecmp returns 0 when the two strings are equal which is falsey.
This commit is contained in:
Hugues Lismonde 2020-02-04 16:11:53 +01:00 committed by Jakub Vrána
parent 9ab205776d
commit 3f38b61366
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
plugins/login-ip.php
View file

@ -29,7 +29,7 @@ class AdminerLoginIp {
}
if ($_SERVER["HTTP_X_FORWARDED_FOR"]) {
foreach ($this->forwarded_for as $forwarded_for) {
if (strncasecmp(preg_replace('~.*, *~', '', $_SERVER["HTTP_X_FORWARDED_FOR"]), $forwarded_for, strlen($forwarded_for))) {
if (strncasecmp(preg_replace('~.*, *~', '', $_SERVER["HTTP_X_FORWARDED_FOR"]), $forwarded_for, strlen($forwarded_for)) == 0) {
return true;
}
}