From: Hugues Lismonde <hugues.lismonde@gmail.com>
Date: Tue, 4 Feb 2020 15:11:53 +0000 (+0100)
Subject: Fix forwarded IP comparison in login-ip plugin
X-Git-Tag: v4.7.7~5
X-Git-Url: https://git.joonet.de/?a=commitdiff_plain;h=3f38b61366a6b594102cfe555157bf0e7141cd51;p=adminer.git

Fix forwarded IP comparison in login-ip plugin

The issue described in #372 is the same for the HTTP_X_FORWARDED_FOR comparison. strncasecmp returns 0 when the two strings are equal which is falsey.
---

diff --git a/plugins/login-ip.php b/plugins/login-ip.php
index 1d51551c..c6f3f8e8 100644
--- a/plugins/login-ip.php
+++ b/plugins/login-ip.php
@@ -29,7 +29,7 @@ class AdminerLoginIp {
 				}
 				if ($_SERVER["HTTP_X_FORWARDED_FOR"]) {
 					foreach ($this->forwarded_for as $forwarded_for) {
-						if (strncasecmp(preg_replace('~.*, *~', '', $_SERVER["HTTP_X_FORWARDED_FOR"]), $forwarded_for, strlen($forwarded_for))) {
+						if (strncasecmp(preg_replace('~.*, *~', '', $_SERVER["HTTP_X_FORWARDED_FOR"]), $forwarded_for, strlen($forwarded_for)) == 0) {
 							return true;
 						}
 					}