[#MDL-19037] Implement getremoteaddr() in all places where $_SERVER['REMOTE_ADDR'] is used - Moodle Tracker

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.9.4
Fix Version/s: 1.9.5
Component/s: Libraries
Labels:
None

Difficulty:
Easy
Affected Branches:
MOODLE_19_STABLE
Fixed Branches:
MOODLE_19_STABLE

Description

getremoteaddr() is designed to get the best IP for the current user, with settings so that the admin can even control the way it works.

We should be using it consistently everywhere, but currently there are still places where we are not and are accessing $_SERVER['REMOTE_ADDR'] directly

ie:

auth/cas/cas_ldap_sync_users.php
auth/db/auth_db_sync_users.php
lib/moodlelib.php
lib/form/recaptcha.php
mnet/remote_client.php
mod/resource/type/file/resource.class.php
mod/resource/type/repository/resource.class.php

Dongsheng, can you carefully fix these for 1.9.5 please?

Issue Links

This issue has a non-specific relationship to:
MDL-13894	Apache access log ip address and moodle stored ip addresses do not match.

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Dongsheng Cai added a comment - 01/May/09 11:00 AM

$_SERVER['REMOTE_ADDR'] is used to check if user is accessing from web, it is OK in this case.
phpmail and pear auth lib use $_SERVER['REMOTE_ADDR'] directly, I think we should change them.

Following files should be changed:
auth/ldap/auth.php
lib/form/recaptcha.php
mod/hotpot/view.php
mod/resource/type/file/resource.class.php
mod/resource/type/repository/resource.class.php

Show

Dongsheng Cai added a comment - 01/May/09 11:00 AM $_SERVER['REMOTE_ADDR'] is used to check if user is accessing from web, it is OK in this case. phpmail and pear auth lib use $_SERVER['REMOTE_ADDR'] directly, I think we should change them. Following files should be changed: auth/ldap/auth.php lib/form/recaptcha.php mod/hotpot/view.php mod/resource/type/file/resource.class.php mod/resource/type/repository/resource.class.php

Hide

Permalink

Martin Dougiamas added a comment - 01/May/09 3:33 PM - edited

Thanks. Doesn't look like these are merged to 1.9.x yet ... ?

Show

Martin Dougiamas added a comment - 01/May/09 3:33 PM - edited Thanks. Doesn't look like these are merged to 1.9.x yet ... ?

Hide

Permalink

Dongsheng Cai added a comment - 01/May/09 4:07 PM

Sorry, I forgot to comit it..

Show

Dongsheng Cai added a comment - 01/May/09 4:07 PM Sorry, I forgot to comit it..

Hide

Permalink

Petr Škoda (skodak) added a comment - 05/May/09 7:33 PM

thanks

Show

Petr Škoda (skodak) added a comment - 05/May/09 7:33 PM thanks

Hide

Permalink

Chris Fryer added a comment - 06/Oct/09 3:58 AM

May I suggest you backport this change:

http://cvs.moodle.org/moodle/mnet/remote_client.php?r1=1.7&r2=1.8

to MOODLE_19_WEEKLY? getremoteaddr() and address_in_subnet() exist in 1.9.x now.

This will fix an issue where unencrypted XML-RPC calls fail when Moodle is behind a reverse proxy.

Thanks,

Chris

Show

Chris Fryer added a comment - 06/Oct/09 3:58 AM May I suggest you backport this change: http://cvs.moodle.org/moodle/mnet/remote_client.php?r1=1.7&r2=1.8 to MOODLE_19_WEEKLY? getremoteaddr() and address_in_subnet() exist in 1.9.x now. This will fix an issue where unencrypted XML-RPC calls fail when Moodle is behind a reverse proxy. Thanks, Chris

People

Assignee:

Dongsheng Cai

Reporter:

Martin Dougiamas

Tester:

Petr Škoda (skodak)

Participants:

Chris Fryer, Dongsheng Cai, Martin Dougiamas, Petr Škoda (skodak)

Vote (0)

Watch (3)

Dates

Created:

01/May/09 9:59 AM

Updated:

06/Oct/09 3:58 AM

Resolved:

04/May/09 10:55 AM