feat: Enhance client IP detection with trusted proxy validation (#2085)

* feat: Enhance client IP detection with trusted proxy validation

* Update common.php

* Update composer.lock
This commit is contained in:
Roman Kelesidis 2025-08-19 11:24:23 +03:00 committed by GitHub
commit 1e3e58aeed
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 111 additions and 57 deletions


@ -42,12 +42,43 @@ header('X-Frame-Options: SAMEORIGIN');
date_default_timezone_set('UTC');
// Set remote address
$allowedCDNs = ['HTTP_X_FORWARDED_FOR', 'HTTP_FASTLY_CLIENT_IP', 'HTTP_CF_CONNECTING_IP'];
foreach ($allowedCDNs as $allowedCDN) {
if (isset($_SERVER[$allowedCDN]) && filter_var($_SERVER[$allowedCDN], FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
$_SERVER['REMOTE_ADDR'] = $_SERVER[$allowedCDN];
$trustedProxies = [
// Optional trusted proxy validation (empty array = disabled)
// '127.0.0.1'
];
$allowedCDNs = [
'HTTP_CF_CONNECTING_IP',
'HTTP_FASTLY_CLIENT_IP',
'HTTP_X_REAL_IP',
'HTTP_X_FORWARDED_FOR',
// Add your custom headers here if needed
// Example: 'HTTP_TRUE_CLIENT_IP', // Akamai
// Example: 'HTTP_X_CLIENT_IP', // Custom proxy
// Example: 'HTTP_INCAP_CLIENT_IP', // Incapsula
];
if (empty($trustedProxies) || in_array($_SERVER['REMOTE_ADDR'], $trustedProxies)) {
foreach ($allowedCDNs as $header) {
if (!isset($_SERVER[$header])) {
continue;
}
if ($header === 'HTTP_X_FORWARDED_FOR') {
// Handle X-Forwarded-For which may contain multiple IPs
$ips = explode(',', $_SERVER[$header]);
$clientIP = trim($ips[0]);
} else {
$clientIP = $_SERVER[$header];
}
if (filter_var($clientIP, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
$_SERVER['REMOTE_ADDR'] = $clientIP;
break;
}
}
}
unset($trustedProxies, $clientIP, $allowedCDNs);
// Get all constants
require_once BB_PATH . '/library/defines.php';
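Review bot: The X-Forwarded-For branch at `$clientIP = trim($ips[0]);` takes the leftmost entry, which is the value supplied by the original requester rather than the one appended by the proxy in front of this host, so once `$trustedProxies` is populated the check on `in_array($_SERVER['REMOTE_ADDR'], $trustedProxies)` is undone by the header contents themselves. The entry a trusted proxy actually vouches for is the rightmost one that is not itself a trusted proxy; walk the list from the right and skip addresses in `$trustedProxies`, as sketched below. Two smaller points in the same hunk: the `in_array` call should pass `true` as the third argument, and when `$trustedProxies` is non-empty `$_SERVER['REMOTE_ADDR']` is read without an `isset` guard, which warns under CLI. The comment on the empty-array default would be clearer as `// Empty array = any direct client may set the headers below; populate when behind a reverse proxy/CDN`.
```php
if ($header === 'HTTP_X_FORWARDED_FOR') {
    // Walk from the right: the rightmost entry was appended by the proxy
    // nearest to us; skip trusted proxy addresses to reach the client.
    $ips = array_reverse(array_map(static fn (string $ip): string => trim($ip), explode(',', $_SERVER[$header])));
    $clientIP = $ips[0];
    foreach ($ips as $candidate) {
        if (!in_array($candidate, $trustedProxies, true)) {
            $clientIP = $candidate;
            break;
        }
    }
} else {
    // … unchanged: single-value headers and filter_var validation …
```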

composer.lock generated

@ -80,20 +80,20 @@
},
{
"name": "arokettu/is-resource",
"version": "1.0.4",
"version": "1.0.5",
"source": {
"type": "git",
"url": "https://github.com/arokettu/is-resource.git",
"reference": "6a4966bf4608c69d20b7bf01670b49901a51eb9d"
"reference": "17d3e955140b23c53c4d47d779f1e443d492ffad"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/arokettu/is-resource/zipball/6a4966bf4608c69d20b7bf01670b49901a51eb9d",
"reference": "6a4966bf4608c69d20b7bf01670b49901a51eb9d",
"url": "https://api.github.com/repos/arokettu/is-resource/zipball/17d3e955140b23c53c4d47d779f1e443d492ffad",
"reference": "17d3e955140b23c53c4d47d779f1e443d492ffad",
"shasum": ""
},
"require": {
"php": ">= 5.3 < 8.5"
"php": ">=5.3 <8.6"
},
"type": "library",
"autoload": {
@ -137,7 +137,7 @@
"issues": "https://gitlab.com/sandfox/is-resource/-/issues",
"source": "https://gitlab.com/sandfox/is-resource"
},
"time": "2024-08-27T04:34:45+00:00"
"time": "2025-08-15T16:09:36+00:00"
},
{
"name": "arokettu/monsterid",
@ -145,12 +145,12 @@
"source": {
"type": "git",
"url": "https://github.com/arokettu/monsterid.git",
"reference": "4e7484a593c42eba960ee555877dd9b26577fe8a"
"reference": "75385558ba1aef68f9bd969855054070a19ebffc"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/arokettu/monsterid/zipball/4e7484a593c42eba960ee555877dd9b26577fe8a",
"reference": "4e7484a593c42eba960ee555877dd9b26577fe8a",
"url": "https://api.github.com/repos/arokettu/monsterid/zipball/75385558ba1aef68f9bd969855054070a19ebffc",
"reference": "75385558ba1aef68f9bd969855054070a19ebffc",
"shasum": ""
},
"require": {
@ -215,7 +215,7 @@
"issues": "https://gitlab.com/sandfox/monsterid/-/issues",
"source": "https://gitlab.com/sandfox/monsterid"
},
"time": "2025-04-03T13:37:00+00:00"
"time": "2025-08-15T16:45:09+00:00"
},
{
"name": "arokettu/random-polyfill",
@ -749,16 +749,16 @@
},
{
"name": "filp/whoops",
"version": "2.18.3",
"version": "2.18.4",
"source": {
"type": "git",
"url": "https://github.com/filp/whoops.git",
"reference": "59a123a3d459c5a23055802237cb317f609867e5"
"reference": "d2102955e48b9fd9ab24280a7ad12ed552752c4d"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/filp/whoops/zipball/59a123a3d459c5a23055802237cb317f609867e5",
"reference": "59a123a3d459c5a23055802237cb317f609867e5",
"url": "https://api.github.com/repos/filp/whoops/zipball/d2102955e48b9fd9ab24280a7ad12ed552752c4d",
"reference": "d2102955e48b9fd9ab24280a7ad12ed552752c4d",
"shasum": ""
},
"require": {
@ -808,7 +808,7 @@
],
"support": {
"issues": "https://github.com/filp/whoops/issues",
"source": "https://github.com/filp/whoops/tree/2.18.3"
"source": "https://github.com/filp/whoops/tree/2.18.4"
},
"funding": [
{
@ -816,7 +816,7 @@
"type": "github"
}
],
"time": "2025-06-16T00:02:10+00:00"
"time": "2025-08-08T12:00:00+00:00"
},
{
"name": "gemorroj/m3u-parser",
@ -2848,16 +2848,16 @@
},
{
"name": "symfony/event-dispatcher",
"version": "v6.4.13",
"version": "v6.4.24",
"source": {
"type": "git",
"url": "https://github.com/symfony/event-dispatcher.git",
"reference": "0ffc48080ab3e9132ea74ef4e09d8dcf26bf897e"
"reference": "307a09d8d7228d14a05e5e05b95fffdacab032b2"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/event-dispatcher/zipball/0ffc48080ab3e9132ea74ef4e09d8dcf26bf897e",
"reference": "0ffc48080ab3e9132ea74ef4e09d8dcf26bf897e",
"url": "https://api.github.com/repos/symfony/event-dispatcher/zipball/307a09d8d7228d14a05e5e05b95fffdacab032b2",
"reference": "307a09d8d7228d14a05e5e05b95fffdacab032b2",
"shasum": ""
},
"require": {
@ -2908,7 +2908,7 @@
"description": "Provides tools that allow your application components to communicate with each other by dispatching events and listening to them",
"homepage": "https://symfony.com",
"support": {
"source": "https://github.com/symfony/event-dispatcher/tree/v6.4.13"
"source": "https://github.com/symfony/event-dispatcher/tree/v6.4.24"
},
"funding": [
{
@ -2919,12 +2919,16 @@
"url": "https://github.com/fabpot",
"type": "github"
},
{
"url": "https://github.com/nicolas-grekas",
"type": "github"
},
{
"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
"type": "tidelift"
}
],
"time": "2024-09-25T14:18:03+00:00"
"time": "2025-07-10T08:14:14+00:00"
},
{
"name": "symfony/event-dispatcher-contracts",
@ -3004,16 +3008,16 @@
},
{
"name": "symfony/filesystem",
"version": "v6.4.13",
"version": "v6.4.24",
"source": {
"type": "git",
"url": "https://github.com/symfony/filesystem.git",
"reference": "4856c9cf585d5a0313d8d35afd681a526f038dd3"
"reference": "75ae2edb7cdcc0c53766c30b0a2512b8df574bd8"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/filesystem/zipball/4856c9cf585d5a0313d8d35afd681a526f038dd3",
"reference": "4856c9cf585d5a0313d8d35afd681a526f038dd3",
"url": "https://api.github.com/repos/symfony/filesystem/zipball/75ae2edb7cdcc0c53766c30b0a2512b8df574bd8",
"reference": "75ae2edb7cdcc0c53766c30b0a2512b8df574bd8",
"shasum": ""
},
"require": {
@ -3050,7 +3054,7 @@
"description": "Provides basic utilities for the filesystem",
"homepage": "https://symfony.com",
"support": {
"source": "https://github.com/symfony/filesystem/tree/v6.4.13"
"source": "https://github.com/symfony/filesystem/tree/v6.4.24"
},
"funding": [
{
@ -3061,25 +3065,29 @@
"url": "https://github.com/fabpot",
"type": "github"
},
{
"url": "https://github.com/nicolas-grekas",
"type": "github"
},
{
"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
"type": "tidelift"
}
],
"time": "2024-10-25T15:07:50+00:00"
"time": "2025-07-10T08:14:14+00:00"
},
{
"name": "symfony/finder",
"version": "v6.4.17",
"version": "v6.4.24",
"source": {
"type": "git",
"url": "https://github.com/symfony/finder.git",
"reference": "1d0e8266248c5d9ab6a87e3789e6dc482af3c9c7"
"reference": "73089124388c8510efb8d2d1689285d285937b08"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/finder/zipball/1d0e8266248c5d9ab6a87e3789e6dc482af3c9c7",
"reference": "1d0e8266248c5d9ab6a87e3789e6dc482af3c9c7",
"url": "https://api.github.com/repos/symfony/finder/zipball/73089124388c8510efb8d2d1689285d285937b08",
"reference": "73089124388c8510efb8d2d1689285d285937b08",
"shasum": ""
},
"require": {
@ -3114,7 +3122,7 @@
"description": "Finds files and directories via an intuitive fluent interface",
"homepage": "https://symfony.com",
"support": {
"source": "https://github.com/symfony/finder/tree/v6.4.17"
"source": "https://github.com/symfony/finder/tree/v6.4.24"
},
"funding": [
{
@ -3125,25 +3133,29 @@
"url": "https://github.com/fabpot",
"type": "github"
},
{
"url": "https://github.com/nicolas-grekas",
"type": "github"
},
{
"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
"type": "tidelift"
}
],
"time": "2024-12-29T13:51:37+00:00"
"time": "2025-07-15T12:02:45+00:00"
},
{
"name": "symfony/mailer",
"version": "v6.4.23",
"version": "v6.4.24",
"source": {
"type": "git",
"url": "https://github.com/symfony/mailer.git",
"reference": "a480322ddf8e54de262c9bca31fdcbe26b553de5"
"reference": "b4d7fa2c69641109979ed06e98a588d245362062"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/mailer/zipball/a480322ddf8e54de262c9bca31fdcbe26b553de5",
"reference": "a480322ddf8e54de262c9bca31fdcbe26b553de5",
"url": "https://api.github.com/repos/symfony/mailer/zipball/b4d7fa2c69641109979ed06e98a588d245362062",
"reference": "b4d7fa2c69641109979ed06e98a588d245362062",
"shasum": ""
},
"require": {
@ -3194,7 +3206,7 @@
"description": "Helps sending emails",
"homepage": "https://symfony.com",
"support": {
"source": "https://github.com/symfony/mailer/tree/v6.4.23"
"source": "https://github.com/symfony/mailer/tree/v6.4.24"
},
"funding": [
{
@ -3205,25 +3217,29 @@
"url": "https://github.com/fabpot",
"type": "github"
},
{
"url": "https://github.com/nicolas-grekas",
"type": "github"
},
{
"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
"type": "tidelift"
}
],
"time": "2025-06-26T21:24:02+00:00"
"time": "2025-07-24T08:25:04+00:00"
},
{
"name": "symfony/mime",
"version": "v6.4.21",
"version": "v6.4.24",
"source": {
"type": "git",
"url": "https://github.com/symfony/mime.git",
"reference": "fec8aa5231f3904754955fad33c2db50594d22d1"
"reference": "664d5e844a2de5e11c8255d0aef6bc15a9660ac7"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/mime/zipball/fec8aa5231f3904754955fad33c2db50594d22d1",
"reference": "fec8aa5231f3904754955fad33c2db50594d22d1",
"url": "https://api.github.com/repos/symfony/mime/zipball/664d5e844a2de5e11c8255d0aef6bc15a9660ac7",
"reference": "664d5e844a2de5e11c8255d0aef6bc15a9660ac7",
"shasum": ""
},
"require": {
@ -3279,7 +3295,7 @@
"mime-type"
],
"support": {
"source": "https://github.com/symfony/mime/tree/v6.4.21"
"source": "https://github.com/symfony/mime/tree/v6.4.24"
},
"funding": [
{
@ -3290,12 +3306,16 @@
"url": "https://github.com/fabpot",
"type": "github"
},
{
"url": "https://github.com/nicolas-grekas",
"type": "github"
},
{
"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
"type": "tidelift"
}
],
"time": "2025-04-27T13:27:38+00:00"
"time": "2025-07-15T12:02:45+00:00"
},
{
"name": "symfony/polyfill",
@ -3639,16 +3659,16 @@
"packages-dev": [
{
"name": "symfony/var-dumper",
"version": "v6.4.23",
"version": "v6.4.24",
"source": {
"type": "git",
"url": "https://github.com/symfony/var-dumper.git",
"reference": "d55b1834cdbfcc31bc2cd7e095ba5ed9a88f6600"
"reference": "aa29484ce0544bd69fa9f0df902e5ed7b7fe5034"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/var-dumper/zipball/d55b1834cdbfcc31bc2cd7e095ba5ed9a88f6600",
"reference": "d55b1834cdbfcc31bc2cd7e095ba5ed9a88f6600",
"url": "https://api.github.com/repos/symfony/var-dumper/zipball/aa29484ce0544bd69fa9f0df902e5ed7b7fe5034",
"reference": "aa29484ce0544bd69fa9f0df902e5ed7b7fe5034",
"shasum": ""
},
"require": {
@ -3660,7 +3680,6 @@
"symfony/console": "<5.4"
},
"require-dev": {
"ext-iconv": "*",
"symfony/console": "^5.4|^6.0|^7.0",
"symfony/error-handler": "^6.3|^7.0",
"symfony/http-kernel": "^5.4|^6.0|^7.0",
@ -3704,7 +3723,7 @@
"dump"
],
"support": {
"source": "https://github.com/symfony/var-dumper/tree/v6.4.23"
"source": "https://github.com/symfony/var-dumper/tree/v6.4.24"
},
"funding": [
{
@ -3715,12 +3734,16 @@
"url": "https://github.com/fabpot",
"type": "github"
},
{
"url": "https://github.com/nicolas-grekas",
"type": "github"
},
{
"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
"type": "tidelift"
}
],
"time": "2025-06-27T15:05:27+00:00"
"time": "2025-07-29T18:40:01+00:00"
}
],
"aliases": [],