diff --git a/phpBB/admin/admin_board.php b/phpBB/admin/admin_board.php
index a72fd4f10e..d5a39acbc0 100644
--- a/phpBB/admin/admin_board.php
+++ b/phpBB/admin/admin_board.php
@@ -16,7 +16,7 @@ define('IN_PHPBB', 1);
if( !empty($setmodules) )
{
$file = basename(__FILE__);
- $module['General']['Configuration'] = "$file?mode=config";
+ $module['General']['Configuration'] = "$file";
return;
}
diff --git a/phpBB/common.php b/phpBB/common.php
index 2427ca8f2a..49ef4e7fa2 100644
--- a/phpBB/common.php
+++ b/phpBB/common.php
@@ -130,10 +130,21 @@ if( getenv('HTTP_X_FORWARDED_FOR') != '' )
{
$client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR );
- if ( preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", getenv('HTTP_X_FORWARDED_FOR'), $ip_list) )
+ $entries = explode(',', getenv('HTTP_X_FORWARDED_FOR'));
+ reset($entries);
+ while (list(, $entry) = each($entries))
{
- $private_ip = array('/^0\./', '/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.16\..*/', '/^10\..*/', '/^224\..*/', '/^240\..*/');
- $client_ip = preg_replace($private_ip, $client_ip, $ip_list[1]);
+ $entry = trim($entry);
+ if ( preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", $entry, $ip_list) )
+ {
+ $private_ip = array('/^0\./', '/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.16\..*/', '/^10\..*/', '/^224\..*/', '/^240\..*/');
+ $found_ip = preg_replace($private_ip, $client_ip, $ip_list[1]);
+ if ($client_ip != $found_ip)
+ {
+ $client_ip = $found_ip;
+ break;
+ }
+ }
}
}
else
diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index 7f5f6f6fbd..5c5427ea72 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -115,6 +115,8 @@ p,ul,td {font-size:10pt;}
Added mail header X-MimeOLE to the emailer class
Prevent registration if user is logged in or user trying to register a second time
Prevent usage of ALT-255 in Usernames
+Fixed IP retrieval for users with two proxy setups while the first proxy is hiding the clients IP Address - cosmos
+Fixed Cache-Control header for correctly resetting cookies - cosmos
1.ii. Changes since 2.0.3
diff --git a/phpBB/includes/emailer.php b/phpBB/includes/emailer.php
index d6e94d52c3..d5732ce58e 100755
--- a/phpBB/includes/emailer.php
+++ b/phpBB/includes/emailer.php
@@ -148,7 +148,8 @@ class emailer
$this->msg = preg_replace('#\{([a-z0-9\-_]*?)\}#is', "' . $\\1 . '", $this->msg);
// Set vars
- foreach ($this->vars as $key => $val)
+ reset ($this->vars);
+ while (list($key, $val) = each($this->vars))
{
$$key = $val;
}
@@ -156,7 +157,8 @@ class emailer
eval("\$this->msg = '$this->msg';");
// Clear vars
- foreach ($this->vars as $key => $val)
+ reset ($this->vars);
+ while (list($key, $val) = each($this->vars))
{
unset($$key);
}
diff --git a/phpBB/includes/page_header.php b/phpBB/includes/page_header.php
index 361b6837a3..1d86caa5f8 100644
--- a/phpBB/includes/page_header.php
+++ b/phpBB/includes/page_header.php
@@ -461,15 +461,18 @@ else
}
}
+// Add no-cache control for cookies if they are set
+$c_no_cache = (isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid']) || isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_data'])) ? 'no-cache="set-cookie", ' : '';
+
// Work around for "current" Apache 2 + PHP module which seems to not
// cope with private cache control setting
if (!empty($HTTP_SERVER_VARS['SERVER_SOFTWARE']) && strstr($HTTP_SERVER_VARS['SERVER_SOFTWARE'], 'Apache/2'))
{
- header ('Cache-Control: no-cache, pre-check=0, post-check=0, max-age=0');
+ header ('Cache-Control: ' . $c_no_cache . 'no-cache, pre-check=0, post-check=0, max-age=0');
}
else
{
- header ('Cache-Control: private, pre-check=0, post-check=0, max-age=0');
+ header ('Cache-Control: ' . $c_no_cache . 'private, pre-check=0, post-check=0, max-age=0');
}
header ('Expires: ' . gmdate('D, d M Y H:i:s', time()) . ' GMT');
header ('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');