From 24f7e3ab13815de24749e6e93c3421c7c3cf0c99 Mon Sep 17 00:00:00 2001
From: Marius Karstedt <m.karstedt@repaste.de>
Date: Mon, 22 Mar 2021 11:15:47 +0100
Subject: [PATCH] Validate IP header

---
 src/Pecee/Http/Request.php | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/src/Pecee/Http/Request.php b/src/Pecee/Http/Request.php
index d72ee3f..1ec099d 100644
--- a/src/Pecee/Http/Request.php
+++ b/src/Pecee/Http/Request.php
@@ -165,17 +165,18 @@ class Request
      */
     public function getIp(bool $safe = false): ?string
     {
+        $client_header = null;
         if(!$safe){
             if ($this->getHeader('http-cf-connecting-ip') !== null) {
-                return $this->getHeader('http-cf-connecting-ip');
-            }
-            if($this->getHeader('http-client-ip') !== null){
-                return $this->getHeader('http-client-ip');
-            }
-            if($this->getHeader('http-x-forwarded-for') !== null){
-                return $this->getHeader('http-x-forwarded-for');
+                $client_header = $this->getHeader('http-cf-connecting-ip');
+            }else if($this->getHeader('http-client-ip') !== null){
+                $client_header = $this->getHeader('http-client-ip');
+            }else if($this->getHeader('http-x-forwarded-for') !== null){
+                $client_header = $this->getHeader('http-x-forwarded-for');
             }
         }
+        if($client_header !== null && filter_var($client_header, FILTER_VALIDATE_IP))
+            return $client_header;
         return $this->getHeader('remote-addr');
     }