forked from Wavyzz/dolibarr
Code comment
This commit is contained in:
Laurent Destailleur
@@ -29,7 +29,7 @@
|
|||||||
* \brief Page to activate/disable all modules
|
* \brief Page to activate/disable all modules
|
||||||
*/
|
*/
|
||||||
|
|
||||||
if (!defined('CSRFCHECK_WITH_TOKEN') && (empty($_GET['action']) || $_GET['action'] != 'reset')) { // We do not force security to disable modules so we can do it if problem
|
if (!defined('CSRFCHECK_WITH_TOKEN') && (empty($_GET['action']) || $_GET['action'] != 'reset')) { // We force security except to disable modules so we can do it if problem of a module
|
||||||
define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET
|
define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -3119,7 +3119,7 @@ function getUserRemoteIP()
|
|||||||
if (empty($_SERVER['HTTP_X_FORWARDED_FOR']) || preg_match('/[^0-9\.\:,\[\]]/', $_SERVER['HTTP_X_FORWARDED_FOR'])) {
|
if (empty($_SERVER['HTTP_X_FORWARDED_FOR']) || preg_match('/[^0-9\.\:,\[\]]/', $_SERVER['HTTP_X_FORWARDED_FOR'])) {
|
||||||
if (empty($_SERVER['HTTP_CLIENT_IP']) || preg_match('/[^0-9\.\:,\[\]]/', $_SERVER['HTTP_CLIENT_IP'])) {
|
if (empty($_SERVER['HTTP_CLIENT_IP']) || preg_match('/[^0-9\.\:,\[\]]/', $_SERVER['HTTP_CLIENT_IP'])) {
|
||||||
if (empty($_SERVER["HTTP_CF_CONNECTING_IP"])) {
|
if (empty($_SERVER["HTTP_CF_CONNECTING_IP"])) {
|
||||||
$ip = (empty($_SERVER['REMOTE_ADDR']) ? '' : $_SERVER['REMOTE_ADDR']); // value may have been forged by client
|
$ip = (empty($_SERVER['REMOTE_ADDR']) ? '' : $_SERVER['REMOTE_ADDR']); // value may have been the IP of the proxy and not the client
|
||||||
} else {
|
} else {
|
||||||
$ip = $_SERVER["HTTP_CF_CONNECTING_IP"]; // value here may have been forged by client
|
$ip = $_SERVER["HTTP_CF_CONNECTING_IP"]; // value here may have been forged by client
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user