When MediaWiki is being run behind a proxy, also check the X-Real-IP header to determ...

diff --git a/RELEASE-NOTES-1.19 b/RELEASE-NOTES-1.19
index 96b7fa2..2bc2158 100644 (file)
--- a/RELEASE-NOTES-1.19
+++ b/RELEASE-NOTES-1.19
@@ -36,6 +36,8 @@ production.
 * Most presentational html attributes like valign are now converted to inline
   css style rules. These attributes were removed from html5 and so we clean them up
   when $wgHtml5 is enabled. This can be disabled using $wgCleanupPresentationalAttributes. 
+* When MediaWiki is being run behind a proxy, the X-Real-IP header is now also checked
+  to determine the client's actual IP address.
 
 === Bug fixes in 1.19 ===
 * $wgUploadNavigationUrl should be used for file redlinks if

diff --git a/includes/ProxyTools.php b/includes/ProxyTools.php
index ca485c2..68b27c9 100644 (file)
--- a/includes/ProxyTools.php
+++ b/includes/ProxyTools.php
@@ -7,7 +7,7 @@
 
 /**
  * Extracts the XFF string from the request header
- * Checks first for "X-Forwarded-For", then "Client-ip"
+ * Checks first for "X-Forwarded-For", then "Client-ip", then "X-Real-IP"
  * Note: headers are spoofable
  * @return string
  */
@@ -21,11 +21,13 @@ function wfGetForwardedFor() {
                }
                $index = strtoupper ( 'X-Forwarded-For' );
                $index2 = strtoupper ( 'Client-ip' );
+               $index3 = strtoupper ( 'X-Real-IP' );
        } else {
                // Subject to spoofing with headers like X_Forwarded_For
                $set = $_SERVER;
                $index = 'HTTP_X_FORWARDED_FOR';
                $index2 = 'CLIENT-IP';
+               $index3 = 'HTTP_X_REAL_IP';
        }
 
        #Try a couple of headers
@@ -33,6 +35,8 @@ function wfGetForwardedFor() {
                return $set[$index];
        } elseif( isset( $set[$index2] ) ) {
                return $set[$index2];
+       } elseif( isset( $set[$index3] ) ) {
+               return $set[$index3];
        } else {
                return null;
        }