diff --git a/bt/announce.php b/bt/announce.php
index 5b7b4c7d..9f3deccc 100644
--- a/bt/announce.php
+++ b/bt/announce.php
@@ -142,19 +142,19 @@ $ip = $_SERVER['REMOTE_ADDR'];
 // 'ip' query handling
 if (!$bb_cfg['ignore_reported_ip'] && isset($_GET['ip']) && $ip !== $_GET['ip'])
 {
- if (!$bb_cfg['verify_reported_ip'] && isset($_SERVER['HTTP_X_FORWARDED_FOR']))
- {
- $x_ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
- if ($x_ip === $_GET['ip'])
- {
- $filteredIp = filter_var($x_ip, FILTER_VALIDATE_IP);
- if ($filteredIp !== false && ($bb_cfg['allow_internal_ip'] || !filter_var($filteredIp, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)))
- {
- $ip = $filteredIp;
- }
- }
- }
+ if (!$bb_cfg['verify_reported_ip'] && isset($_SERVER['HTTP_X_FORWARDED_FOR']))
+ {
+ $x_ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
+ if ($x_ip === $_GET['ip'])
+ {
+ $filteredIp = filter_var($x_ip, FILTER_VALIDATE_IP);
+ if ($filteredIp !== false && ($bb_cfg['allow_internal_ip'] || !filter_var($filteredIp, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)))
+ {
+ $ip = $filteredIp;
+ }
+ }
+ }
 }
 // Check that IP format is valid
 if (!verify_ip($ip))
diff --git a/common.php b/common.php
index e85eeb71..5e24c346 100644
--- a/common.php
+++ b/common.php
@@ -37,10 +37,18 @@ header('X-Frame-Options: SAMEORIGIN');
 header('X-Powered-By: TorrentPier LTS Forever!');
 date_default_timezone_set('UTC');
-// Cloudflare
-if (isset($_SERVER['HTTP_CF_CONNECTING_IP']))
+// Set remote address
+$allowedCDNs = array(
+ 'HTTP_X_FORWARDED_FOR',
+ 'HTTP_FASTLY_CLIENT_IP',
+ 'HTTP_CF_CONNECTING_IP'
+);
+foreach ($allowedCDNs as $allowedCDN)
 {
- $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_CF_CONNECTING_IP'];
+ if (isset($_SERVER[$allowedCDN]) && filter_var($_SERVER[$allowedCDN], FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE))
+ {
+ $_SERVER['REMOTE_ADDR'] = $_SERVER[$allowedCDN];
+ }
 }
 // Get initial config
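Review bot: In the common.php hunk, the new loop overwrites `$_SERVER['REMOTE_ADDR']` from `X-Forwarded-For`, `Fastly-Client-IP` or `CF-Connecting-IP` without checking that the connection actually came from a proxy or CDN edge, and when the site is reachable directly all three headers are set by whoever sends the request. Everything that later reads `REMOTE_ADDR`, including the `$ip = $_SERVER['REMOTE_ADDR'];` line shown in the bt/announce.php hunk header, would then act on a client-chosen address, so IP-based bans, limits and logs stop being reliable. The overwrite should be gated on the connecting address belonging to a list of proxies the operator has configured; the hunk shows `// Get initial config` only after this block, so that list presumably has to be available before the main config is loaded. The loop also has no `break`, so when several headers are present the last entry in `$allowedCDNs` wins, which deserves a comment or an explicit precedence.

```php
// Placeholder list: the reverse proxies / CDN edges this install really sits behind.
// Exact-match lookup shown for brevity; CDN edge ranges need a CIDR comparison instead.
$trustedProxies = array(/* operator-supplied addresses */);
if (in_array($_SERVER['REMOTE_ADDR'], $trustedProxies, true))
{
	foreach ($allowedCDNs as $allowedCDN)
	{
		// … unchanged: isset + filter_var check and REMOTE_ADDR assignment …
	}
}
```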