Fossil

Check-in [59f790bc52]

Overview
Comment:Change cgi_accept_forwarded_for() to return the accepted IP address from the X-Forwarded-For header, which could contain multiple addresses (e.g. if the client is also behind a proxy). The last one is the only one we can currently trust.
SHA1: 59f790bc52e3d9480029fef6467badd663ab3d26
User & Date: joel 2013-08-04 06:06:04.696
Context
2013-08-04
07:54
Renamed /stats_report to /reports. ... (check-in: 3bb44041f0 user: stephan tags: trunk)
06:06
Change cgi_accept_forwarded_for() to return the accepted IP address from the X-Forwarded-For header, which could contain multiple addresses (e.g. if the client is also behind a proxy). The last one is the only one we can currently trust. ... (check-in: 59f790bc52 user: joel tags: trunk)
2013-08-03
23:33
Previous two check-ins do not work correctly for CGI. Trying once again. ... (check-in: d8f716e1d1 user: drh tags: trunk)
Changes
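--- a/src/cgi.c
+++ b/src/cgi.c
@@ -1131,21 +1131,25 @@
     va_end(ap);
     cgi_reply();
     fossil_exit(1);
   }
 }
 
 /* z[] is the value of an X-FORWARDED-FOR: line in an HTTP header.
-** Return true if we should accept this value as a real IP address.
-** Return false to stick with the IP address previously computed and
+** Return a pointer to a string containing the real IP address, or a
+** NULL pointer to stick with the IP address previously computed and
 ** loaded into g.zIpAddr.
 */
-static int cgi_accept_forwarded_for(const char *z){
-  if( fossil_strcmp(g.zIpAddr, "127.0.0.1")==0 ) return 1;
-  return 0;
+static const char *cgi_accept_forwarded_for(const char *z){
+  int i;
+  if( fossil_strcmp(g.zIpAddr, "127.0.0.1")!=0 ) return 0;
+  
+  i = strlen(z)-1;
+  while( i>=0 && z[i]!=',' && !fossil_isspace(z[i]) ) i--;
+  return &z[++i];
 }
 
 /*
 ** Remove the first space-delimited token from a string and return
 ** a pointer to it.  Add a NULL to the string to terminate the token.
 ** Make *zLeftOver point to the start of the next token.
 */
@@ -1253,16 +1257,17 @@
 #if 0
     }else if( fossil_strcmp(zFieldName,"referer:")==0 ){
       cgi_setenv("HTTP_REFERER", zVal);
 #endif
     }else if( fossil_strcmp(zFieldName,"user-agent:")==0 ){
       cgi_setenv("HTTP_USER_AGENT", zVal);
     }else if( fossil_strcmp(zFieldName,"x-forwarded-for:")==0 ){
-      if( cgi_accept_forwarded_for(zVal) ){
-        g.zIpAddr = mprintf("%s", zVal);
+      const char *zIpAddr = cgi_accept_forwarded_for(zVal);
+      if( zIpAddr!=0 ){
+        g.zIpAddr = mprintf("%s", zIpAddr);
         cgi_replace_parameter("REMOTE_ADDR", g.zIpAddr);
       }
     }
   }
   cgi_init();
   cgi_trace(0);
 }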
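Review bot: The new scan in cgi_accept_forwarded_for() can return a pointer to an empty string: when the header value is empty or ends in a comma or whitespace, the loop stops immediately and `&z[++i]` points at the terminator. The caller tests only `zIpAddr!=0`, so g.zIpAddr and REMOTE_ADDR would then be replaced with "". Whether zVal is trimmed before this call is not visible here, so I would guard inside the function with `i++;` followed by `return z[i] ? &z[i] : 0;`. The selected token is also not checked to look like an IP address before it becomes REMOTE_ADDR, and `strlen(z)-1` narrows a `size_t` into `int`; a comment stating that the value is trusted only because the peer is 127.0.0.1 would help. The request-parsing function in the second hunk starts outside the visible lines.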