MDL-47214 General: Multiple IP addresses in X-Forwarded-For Fixed

Fixed getremoteaddr() function handle multiple IP addresses Addressed point 2 on Dan's list Stopped changing $CFG value after started test.
2025-04-21 00:12:56 +02:00 · 2014-09-11 13:10:29 +01:00 · 2014-09-11 13:10:29 +01:00 · ad2fc0d83f
commit ad2fc0d83f
parent d07b0302a9
2 changed files with 27 additions and 1 deletions
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@ -8628,7 +8628,8 @@ function getremoteaddr($default='0.0.0.0') {
    }
    if (!($variablestoskip & GETREMOTEADDR_SKIP_HTTP_X_FORWARDED_FOR)) {
        if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
-            $address = cleanremoteaddr($_SERVER['HTTP_X_FORWARDED_FOR']);
+            $hdr = explode(",", $_SERVER['HTTP_X_FORWARDED_FOR']);
+            $address = $hdr[0];
            return $address ? $address : $default;
        }
    }
--- a/lib/tests/moodlelib_test.php
+++ b/lib/tests/moodlelib_test.php
@ -2799,4 +2799,29 @@ class core_moodlelib_testcase extends advanced_testcase {
        $count = count_words('one…two ブルース … カンベッル');
        $this->assertEquals(4, $count);
    }
+    /**
+     * Tests the getremoteaddr() function.
+     */
+    public function test_getremoteaddr() {
+        $_SERVER['HTTP_X_FORWARDED_FOR'] = '';
+        $noip = getremoteaddr('1.1.1.1');
+        $this->assertEquals('1.1.1.1', $noip);
+
+        $_SERVER['HTTP_X_FORWARDED_FOR'] = '';
+        $noip = getremoteaddr();
+        $this->assertEquals('0.0.0.0', $noip);
+
+        $_SERVER['HTTP_X_FORWARDED_FOR'] = '127.0.0.1';
+        $singleip = getremoteaddr();
+        $this->assertEquals('127.0.0.1', $singleip);
+
+        $_SERVER['HTTP_X_FORWARDED_FOR'] = '127.0.0.1,127.0.0.2';
+        $twoip = getremoteaddr();
+        $this->assertEquals('127.0.0.1', $twoip);
+
+        $_SERVER['HTTP_X_FORWARDED_FOR'] = '127.0.0.1,127.0.0.2, 127.0.0.3';
+        $threeip = getremoteaddr();
+        $this->assertEquals('127.0.0.1', $threeip);
+
+    }
 }