Skip to content

Commit

Permalink
Fix forwarded IP comparison in login-ip plugin
Browse files Browse the repository at this point in the history 
The issue described in vrana#372 is the same for the HTTP_X_FORWARDED_FOR comparison. strncasecmp returns 0 when the two strings are equal which is falsey.
  • Loading branch information
@hlidotbe @vrana
hlidotbe authored and vrana committed Feb 4, 2020
1 parent 9ab2057 commit 3f38b61
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion plugins/login-ip.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ function login($login, $password) {
}
if ($_SERVER["HTTP_X_FORWARDED_FOR"]) {
foreach ($this->forwarded_for as $forwarded_for) {
if (strncasecmp(preg_replace('~.*, *~', '', $_SERVER["HTTP_X_FORWARDED_FOR"]), $forwarded_for, strlen($forwarded_for))) {
if (strncasecmp(preg_replace('~.*, *~', '', $_SERVER["HTTP_X_FORWARDED_FOR"]), $forwarded_for, strlen($forwarded_for)) == 0) {
return true;
}
}
Expand Down

0 comments on commit 3f38b61

Please sign in to comment.