Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
services
t3o sites
typo3.org
typo3.org
Commits
6e2ef9bc
Commit
6e2ef9bc
authored
Jun 03, 2020
by
Michael Stucki
Browse files
t3a-members.php: Check REMOTE_ADDR instead of proxy header
parent
0a2600a1
Pipeline
#8988
passed with stages
in 6 minutes and 39 seconds
Changes
1
Pipelines
3
Hide whitespace changes
Inline
Side-by-side
public/services/t3a-members.php
View file @
6e2ef9bc
...
...
@@ -16,12 +16,12 @@ if (empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && empty($_SERVER['HTTPS'])) {
header
(
'HTTP/1.0 403 Forbidden'
);
die
(
'Not using HTTPS'
);
}
if
(
isset
(
$apiKeys
[
$_SERVER
[
'
HTTP_X_FORWARDED_FO
R'
]])
&&
$apiKeys
[
$_SERVER
[
'
HTTP_X_FORWARDED_FO
R'
]]
===
$_GET
[
'apiKey'
])
{
if
(
isset
(
$apiKeys
[
$_SERVER
[
'
REMOTE_ADD
R'
]])
&&
$apiKeys
[
$_SERVER
[
'
REMOTE_ADD
R'
]]
===
$_GET
[
'apiKey'
])
{
echo
printAssociationMembers
();
}
else
{
syslog
(
LOG_NOTICE
,
't3a-members.php: API key for remote address '
.
$_SERVER
[
'
HTTP_X_FORWARDED_FO
R'
]
.
' not found or invalid.'
't3a-members.php: API key for remote address '
.
$_SERVER
[
'
REMOTE_ADD
R'
]
.
' not found or invalid.'
);
header
(
'HTTP/1.0 403 Forbidden'
);
die
(
'Invalid token'
);
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment