From e77b723db3dccab08bc093109ef4ede43f7115bd Mon Sep 17 00:00:00 2001
From: Marius Karstedt
Date: Mon, 22 Mar 2021 10:57:58 +0100
Subject: [PATCH 1/6] Add http-client-ip header
---
 src/Pecee/Http/Request.php | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/Pecee/Http/Request.php b/src/Pecee/Http/Request.php
index e2bccae..7d7cb46 100644
--- a/src/Pecee/Http/Request.php
+++ b/src/Pecee/Http/Request.php
@@ -166,6 +166,10 @@ class Request
 return $this->getHeader('http-cf-connecting-ip');
 }
+ if($this->getHeader('http-client-ip') !== null){
+ return $this->getHeader('http-client-ip');
+ }
+
 if ($this->getHeader('http-x-forwarded-for') !== null) {
 return $this->getHeader('http-x-forwarded-for');
 }
From 9897f66a25b8f22415c5f0b6df911f717152b704 Mon Sep 17 00:00:00 2001
From: Marius Karstedt
Date: Mon, 22 Mar 2021 11:04:33 +0100
Subject: [PATCH 2/6] Add $safe
---
 src/Pecee/Http/Request.php | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)
diff --git a/src/Pecee/Http/Request.php b/src/Pecee/Http/Request.php
index 7d7cb46..cbce8bd 100644
--- a/src/Pecee/Http/Request.php
+++ b/src/Pecee/Http/Request.php
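Review bot: The new `http-client-ip` branch returns a request header verbatim and ranks it above `http-x-forwarded-for`, so whatever a client puts in `Client-IP` wins over an address appended by a reverse proxy. Nothing visible in the hunk checks that the request arrived through a proxy that sets or strips this header. I would consult forwarding headers only when `remote-addr` is a known proxy address, and until then add a comment on the branch such as `// Client-IP is client-supplied unless a trusted proxy overwrites it; do not use the result for access control or rate limiting`. getIp()'s body begins and ends outside the hunk.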
@@ -158,22 +158,24 @@ class Request
 /**
 * Get id address
+ * If $safe is false, this function will detect Proxys. But the user can edit this header to whatever he wants!
+ * https://stackoverflow.com/questions/3003145/how-to-get-the-client-ip-address-in-php#comment-25086804
+ * @param bool $safe
 * @return string|null
 */
- public function getIp(): ?string
+ public function getIp(bool $safe = false): ?string
 {
 if ($this->getHeader('http-cf-connecting-ip') !== null) {
 return $this->getHeader('http-cf-connecting-ip');
 }
-
- if($this->getHeader('http-client-ip') !== null){
- return $this->getHeader('http-client-ip');
+ if(!$safe){
+ if($this->getHeader('http-client-ip') !== null){
+ return $this->getHeader('http-client-ip');
+ }
+ if($this->getHeader('http-x-forwarded-for') !== null){
+ return $this->getHeader('http-x-forwarded-for');
+ }
 }
-
- if ($this->getHeader('http-x-forwarded-for') !== null) {
- return $this->getHeader('http-x-forwarded-for');
- }
-
 return $this->getHeader('remote-addr');
 }
From 90a0ca2ee89342fb0e77578f17744673df726dd2 Mon Sep 17 00:00:00 2001
From: Marius Karstedt
Date: Mon, 22 Mar 2021 11:06:33 +0100
Subject: [PATCH 3/6] Add cf ip header to none save call
---
 src/Pecee/Http/Request.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/Pecee/Http/Request.php b/src/Pecee/Http/Request.php
index cbce8bd..d72ee3f 100644
--- a/src/Pecee/Http/Request.php
+++ b/src/Pecee/Http/Request.php
@@ -165,10 +165,10 @@ class Request
 */
 public function getIp(bool $safe = false): ?string
 {
- if ($this->getHeader('http-cf-connecting-ip') !== null) {
- return $this->getHeader('http-cf-connecting-ip');
- }
 if(!$safe){
+ if ($this->getHeader('http-cf-connecting-ip') !== null) {
+ return $this->getHeader('http-cf-connecting-ip');
+ }
 if($this->getHeader('http-client-ip') !== null){
 return $this->getHeader('http-client-ip');
 }
From 24f7e3ab13815de24749e6e93c3421c7c3cf0c99 Mon Sep 17 00:00:00 2001
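Review bot: `bool $safe = false` makes the client-controlled path the default, so every existing `getIp()` caller keeps receiving a value taken from request headers unless it opts in with `getIp(true)`. For a security switch the conservative behaviour should be the default, or the docblock has to say plainly which callers need `true`; the added text only warns that the header is editable. I would at least replace the bare `@param bool $safe` with `@param bool $safe When true, the forwarding headers inside the !$safe block are ignored; pass true for access control, rate limiting and audit logging`. The summary line also reads "Get id address" where "Get ip address" is meant.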
From: Marius Karstedt
Date: Mon, 22 Mar 2021 11:15:47 +0100
Subject: [PATCH 4/6] Validate IP header
---
 src/Pecee/Http/Request.php | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/src/Pecee/Http/Request.php b/src/Pecee/Http/Request.php
index d72ee3f..1ec099d 100644
--- a/src/Pecee/Http/Request.php
+++ b/src/Pecee/Http/Request.php
@@ -165,17 +165,18 @@ class Request
 */
 public function getIp(bool $safe = false): ?string
 {
+ $client_header = null;
 if(!$safe){
 if ($this->getHeader('http-cf-connecting-ip') !== null) {
- return $this->getHeader('http-cf-connecting-ip');
- }
- if($this->getHeader('http-client-ip') !== null){
- return $this->getHeader('http-client-ip');
- }
- if($this->getHeader('http-x-forwarded-for') !== null){
- return $this->getHeader('http-x-forwarded-for');
+ $client_header = $this->getHeader('http-cf-connecting-ip');
+ }else if($this->getHeader('http-client-ip') !== null){
+ $client_header = $this->getHeader('http-client-ip');
+ }else if($this->getHeader('http-x-forwarded-for') !== null){
+ $client_header = $this->getHeader('http-x-forwarded-for');
 }
 }
+ if($client_header !== null && filter_var($client_header, FILTER_VALIDATE_IP))
+ return $client_header;
 return $this->getHeader('remote-addr');
 }
From 1e0417b249339b4111961aff6600a822c8feb22a Mon Sep 17 00:00:00 2001
From: Marius Karstedt
Date: Mon, 22 Mar 2021 11:18:16 +0100
Subject: [PATCH 5/6] also check remote-addr (can be edited https://stackoverflow.com/questions/5092563/how-to-fake-serverremote-addr-variable)
---
 src/Pecee/Http/Request.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/Pecee/Http/Request.php b/src/Pecee/Http/Request.php
index 1ec099d..6a7b883 100644
--- a/src/Pecee/Http/Request.php
+++ b/src/Pecee/Http/Request.php
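Review bot: `filter_var($client_header, FILTER_VALIDATE_IP)` is applied to the whole header value, but `X-Forwarded-For` is commonly a comma-separated list (`client, proxy1, proxy2`), which fails validation as a whole, so behind chained proxies the method always falls through to `remote-addr`. The `else if` chain also stops at the first header that is present, so a malformed `http-cf-connecting-ip` keeps the other two from being tried. Validating a single entry, for example `$client_header = trim(explode(',', $client_header)[0]);` before the `filter_var` call, would cover the list case; which entry deserves trust depends on how many proxies sit in front of the application, and the leftmost one is the easiest for a client to set. The brace-less `if` in front of `return $client_header;` is also at odds with the braced style of the surrounding lines.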
@@ -175,9 +175,9 @@ class Request
 $client_header = $this->getHeader('http-x-forwarded-for');
 }
 }
- if($client_header !== null && filter_var($client_header, FILTER_VALIDATE_IP))
- return $client_header;
- return $this->getHeader('remote-addr');
+ if($client_header === null)
+ $client_header = $this->getHeader('remote-addr');
+ return filter_var($client_header, FILTER_VALIDATE_IP) ? $client_header : null;
 }
 /**
From 5508c73e856a09d1653b5055e58556cba91b62da Mon Sep 17 00:00:00 2001
From: DeveloperMarius
Date: Mon, 22 Mar 2021 22:25:59 +0100
Subject: [PATCH 6/6] getIp() update to new header method
---
 src/Pecee/Http/Request.php | 24 ++++++++++--------------
 1 file changed, 10 insertions(+), 14 deletions(-)
diff --git a/src/Pecee/Http/Request.php b/src/Pecee/Http/Request.php
index d10c48b..35746ad 100644
--- a/src/Pecee/Http/Request.php
+++ b/src/Pecee/Http/Request.php
@@ -208,22 +208,18 @@ class Request
 */
 public function getIp(bool $safe = false): ?string
 {
- return $this->getHeader(
- 'http-cf-connecting-ip',
- $this->getHeader(
- 'http-x-forwarded-for',
- $this->getHeader('remote-addr')
- )
- );
 $client_header = null;
 if(!$safe){
- if ($this->getHeader('http-cf-connecting-ip') !== null) {
- $client_header = $this->getHeader('http-cf-connecting-ip');
- }else if($this->getHeader('http-client-ip') !== null){
- $client_header = $this->getHeader('http-client-ip');
- }else if($this->getHeader('http-x-forwarded-for') !== null){
- $client_header = $this->getHeader('http-x-forwarded-for');
- }
+ $client_header = $this->getHeader(
+ 'http-cf-connecting-ip',
+ $this->getHeader(
+ 'http-client-ip',
+ $this->getHeader(
+ 'http-x-forwarded-for',
+ $this->getHeader('remote-addr')
+ )
+ )
+ );
 }
 if($client_header === null)
 $client_header = $this->getHeader('remote-addr');
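Review bot: A forwarded header that is present but not a valid IP now makes `getIp()` return `null` instead of falling back to `remote-addr`, because the fallback on the first added line runs only when `$client_header === null`. With the default `$safe = false`, any client can therefore blank the result by sending a malformed `Client-IP` or `X-Forwarded-For` value, which matters to callers that key logging or throttling on the address. I would fall back whenever validation fails: `if ($client_header === null || filter_var($client_header, FILTER_VALIDATE_IP) === false) { $client_header = $this->getHeader('remote-addr'); }`. The same path survives in the final form in PATCH 6/6, and getIp() starts above this hunk.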
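Review bot: The innermost default `$this->getHeader('remote-addr')` duplicates the `if($client_header === null)` fallback kept just below, so in the `!$safe` branch that check can only still fire when `remote-addr` itself is missing. Ending the chain at `$this->getHeader('http-x-forwarded-for')` leaves a single fallback path and makes the precedence easier to follow; this assumes the second argument of `getHeader()` is a default returned when the header is absent, which is defined outside this hunk. A short comment above the nested call naming the order (`cf-connecting-ip`, then `client-ip`, then `x-forwarded-for`) would help, since nested defaults read inside-out.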