summaryrefslogtreecommitdiffstats
path: root/system/core
diff options
context:
space:
mode:
authorAlex Bilbie <alex.bilbie@gmail.com>2012-07-28 16:08:59 +0200
committerAlex Bilbie <alex.bilbie@gmail.com>2012-07-28 16:08:59 +0200
commitd83e727d6deedded5b637e685accb4fac0dc3985 (patch)
tree43612e9cdc6cf63411187ffdb83782bc469d65ce /system/core
parent27228c97d6f2bc44cf8913c2b0d2e2ee439eb696 (diff)
parentf9ee005f77ea215d5318a9c5991c37453ef18ca0 (diff)
Merge pull request #1640 from thecrypticace/develop
Added support for IP Address Range Masks to the Proxy IPs config option
Diffstat (limited to 'system/core')
-rw-r--r--system/core/Input.php25
1 files changed, 24 insertions, 1 deletions
diff --git a/system/core/Input.php b/system/core/Input.php
index 162e40c85..968a42a9a 100644
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -330,10 +330,33 @@ class CI_Input {
if (config_item('proxy_ips') != '' && $this->server('HTTP_X_FORWARDED_FOR') && $this->server('REMOTE_ADDR'))
{
+ $has_ranges = strpos($proxies, '/') !== false;
$proxies = preg_split('/[\s,]/', config_item('proxy_ips'), -1, PREG_SPLIT_NO_EMPTY);
$proxies = is_array($proxies) ? $proxies : array($proxies);
+
+ if ($has_ranges)
+ {
+ $long_ip = ip2long($_SERVER['REMOTE_ADDR']);
+ $bit_32 = 1 << 32;
+
+ // Go through each of the IP Addresses to check for and
+ // test against range notation
+ foreach($proxies as $ip)
+ {
+ list($address, $mask_length) = explode('/', $ip);
+
+ // Generate the bitmask for a 32 bit IP Address
+ $bitmask = $bit_32 - (1 << (32 - (int)$mask_length));
+ if (($long_ip & $bitmask) == $address)
+ {
+ $this->ip_address = $_SERVER['HTTP_X_FORWARDED_FOR'];
+ break;
+ }
+ }
- $this->ip_address = in_array($_SERVER['REMOTE_ADDR'], $proxies) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
+ } else {
+ $this->ip_address = in_array($_SERVER['REMOTE_ADDR'], $proxies) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
+ }
}
elseif ( ! $this->server('HTTP_CLIENT_IP') && $this->server('REMOTE_ADDR'))
{