From 3fd99e4f6d2939b1a643dd1a6654ea434e1e6ffa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9?=
Date: Fri, 17 Aug 2018 22:32:42 +0200
Subject: [PATCH] [Web] Important fix: Ignore untrusted headers

---
 data/web/inc/prerequisites.inc.php | 20 +-------------------
 1 file changed, 1 insertion(+), 19 deletions(-)

diff --git a/data/web/inc/prerequisites.inc.php b/data/web/inc/prerequisites.inc.php
index 0ec41fab..c07d4d2d 100644
--- a/data/web/inc/prerequisites.inc.php
+++ b/data/web/inc/prerequisites.inc.php
@@ -80,25 +80,7 @@ function get_remote_ip($anonymize = null) {
 elseif ($anonymize !== true && $anonymize !== false) {
 $anonymize = true;
 }
- $remote = '';
- if ($_SERVER['HTTP_CLIENT_IP']) {
- $remote = $_SERVER['HTTP_CLIENT_IP'];
- }
- elseif ($_SERVER['HTTP_X_FORWARDED_FOR']) {
- $remote = $_SERVER['HTTP_X_FORWARDED_FOR'];
- }
- elseif ($_SERVER['HTTP_X_FORWARDED']) {
- $remote = $_SERVER['HTTP_X_FORWARDED'];
- }
- elseif ($_SERVER['HTTP_FORWARDED_FOR']) {
- $remote = $_SERVER['HTTP_FORWARDED_FOR'];
- }
- elseif ($_SERVER['HTTP_FORWARDED']) {
- $remote = $_SERVER['HTTP_FORWARDED'];
- }
- elseif ($_SERVER['REMOTE_ADDR']) {
- $remote = $_SERVER['REMOTE_ADDR'];
- }
+ $remote = $_SERVER['REMOTE_ADDR'];
 if (filter_var($remote, FILTER_VALIDATE_IP) === false) {
 return '0.0.0.0';
 }
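Review bot: The added line `$remote = $_SERVER['REMOTE_ADDR'];` has no comment recording why the forwarding headers are deliberately ignored, so a later "support reverse proxies" change could quietly bring the client-controlled values back. I would put `// Only the connection peer address is trusted: Client-IP, X-Forwarded-* and Forwarded are set by the client and must not decide the caller's identity.` directly above it. The other side of this choice also deserves a sentence in the docs: if a deployment places a further proxy in front of the web server, this function will presumably return that proxy's address for every request, and the translation belongs in the web server's trusted-proxy configuration (for nginx, `set_real_ip_from` with `real_ip_header`) rather than in PHP. get_remote_ip() starts before and continues past this hunk, so how the anonymized result is consumed is not visible here.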