Updated

bt/announce.php

@@ -142,19 +142,19 @@ $ip = $_SERVER['REMOTE_ADDR'];
 // 'ip' query handling
 if (!$bb_cfg['ignore_reported_ip'] && isset($_GET['ip']) && $ip !== $_GET['ip'])
 {
-    if (!$bb_cfg['verify_reported_ip'] && isset($_SERVER['HTTP_X_FORWARDED_FOR']))
+	if (!$bb_cfg['verify_reported_ip'] && isset($_SERVER['HTTP_X_FORWARDED_FOR']))
-    {
+	{
-        $x_ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
+		$x_ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
 
-        if ($x_ip === $_GET['ip'])
+		if ($x_ip === $_GET['ip'])
-        {
+		{
-            $filteredIp = filter_var($x_ip, FILTER_VALIDATE_IP);
+			$filteredIp = filter_var($x_ip, FILTER_VALIDATE_IP);
-            if ($filteredIp !== false && ($bb_cfg['allow_internal_ip'] || !filter_var($filteredIp, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)))
+			if ($filteredIp !== false && ($bb_cfg['allow_internal_ip'] || !filter_var($filteredIp, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)))
-            {
+			{
-                $ip = $filteredIp;
+				$ip = $filteredIp;
-            }
+			}
-        }
+		}
-    }
+	}
 }
 // Check that IP format is valid
 if (!verify_ip($ip))

common.php

@@ -37,10 +37,18 @@ header('X-Frame-Options: SAMEORIGIN');
 header('X-Powered-By: TorrentPier LTS Forever!');
 date_default_timezone_set('UTC');
 
-// Cloudflare
+// Set remote address
-if (isset($_SERVER['HTTP_CF_CONNECTING_IP']))
+$allowedCDNs = array(
+    'HTTP_X_FORWARDED_FOR',
+    'HTTP_FASTLY_CLIENT_IP',
+    'HTTP_CF_CONNECTING_IP'
+);
+foreach ($allowedCDNs as $allowedCDN)
 {
-	$_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_CF_CONNECTING_IP'];
+    if (isset($_SERVER[$allowedCDN]) && filter_var($_SERVER[$allowedCDN], FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE))
+    {
+        $_SERVER['REMOTE_ADDR'] = $_SERVER[$allowedCDN];
+    }
 }
 
 // Get initial config