From 54beb511c0265db25863a29dd3321f9986c8f5fc Mon Sep 17 00:00:00 2001
From: nuxsmin <nuxsmin@syspass.org>
Date: Mon, 18 Sep 2017 12:53:44 +0200
Subject: [PATCH] * [MOD] Improved regex for retrieving ip addresses through
 reverse proxy.

---
 inc/SP/Util/HttpUtil.class.php | 12 ++++++++----
 inc/SP/Util/Util.class.php     |  2 +-
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/inc/SP/Util/HttpUtil.class.php b/inc/SP/Util/HttpUtil.class.php
index 76a01cb0..0c4aa3c0 100644
--- a/inc/SP/Util/HttpUtil.class.php
+++ b/inc/SP/Util/HttpUtil.class.php
@@ -113,14 +113,18 @@ class HttpUtil
      */
     public static function getForwardedFor()
     {
-        if (preg_match_all('/for=([0-9\.]+)[,;]+/i',
+        if (preg_match_all('/for=["\[]*([\w.:]+)["\]]*[,;]?/i',
             Request::getRequestHeaders('HTTP_FORWARDED'), $matchesFor)) {
             return $matchesFor[1];
         }
 
-        if (preg_match_all('/([\w.:]+)(,|$)/',
-            Request::getRequestHeaders('HTTP_X_FORWARDED_FOR'), $matchesFor)) {
-            return $matchesFor[1];
+        $matchesFor = preg_split('/(?<=[\w])+,/i',
+            Request::getRequestHeaders('HTTP_X_FORWARDED_FOR'),
+            -1,
+            PREG_SPLIT_NO_EMPTY);
+
+        if (count($matchesFor) > 0) {
+            return $matchesFor;
         }
 
         return $_SERVER['REMOTE_ADDR'];
diff --git a/inc/SP/Util/Util.class.php b/inc/SP/Util/Util.class.php
index 199d0fb9..a4bf9275 100644
--- a/inc/SP/Util/Util.class.php
+++ b/inc/SP/Util/Util.class.php
@@ -386,7 +386,7 @@ class Util
      */
     public static function getVersion($retBuild = false, $normalized = false)
     {
-        $build = 17091802;
+        $build = 17091803;
         $version = [2, 1, 15];
 
         if ($normalized === true) {