From 2e2d9002ad5db73f19f385ec0ba2c77891164aef Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sun, 27 Jun 2021 14:54:17 +0200 Subject: [PATCH] Code comment --- htdocs/admin/modules.php | 2 +- htdocs/core/lib/functions.lib.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/admin/modules.php b/htdocs/admin/modules.php index 3b443276509..494dfc2f625 100644 --- a/htdocs/admin/modules.php +++ b/htdocs/admin/modules.php @@ -29,7 +29,7 @@ * \brief Page to activate/disable all modules */ -if (!defined('CSRFCHECK_WITH_TOKEN') && (empty($_GET['action']) || $_GET['action'] != 'reset')) { // We do not force security to disable modules so we can do it if problem +if (!defined('CSRFCHECK_WITH_TOKEN') && (empty($_GET['action']) || $_GET['action'] != 'reset')) { // We force security except to disable modules so we can do it if problem of a module define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET } diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 8573cdfe961..e3b288aff8e 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -3119,7 +3119,7 @@ function getUserRemoteIP() if (empty($_SERVER['HTTP_X_FORWARDED_FOR']) || preg_match('/[^0-9\.\:,\[\]]/', $_SERVER['HTTP_X_FORWARDED_FOR'])) { if (empty($_SERVER['HTTP_CLIENT_IP']) || preg_match('/[^0-9\.\:,\[\]]/', $_SERVER['HTTP_CLIENT_IP'])) { if (empty($_SERVER["HTTP_CF_CONNECTING_IP"])) { - $ip = (empty($_SERVER['REMOTE_ADDR']) ? '' : $_SERVER['REMOTE_ADDR']); // value may have been forged by client + $ip = (empty($_SERVER['REMOTE_ADDR']) ? '' : $_SERVER['REMOTE_ADDR']); // value may have been the IP of the proxy and not the client } else { $ip = $_SERVER["HTTP_CF_CONNECTING_IP"]; // value here may have been forged by client }