From b59c662967c24e4b7946ba740bc5ba63c63eb1e4 Mon Sep 17 00:00:00 2001
From: Dries Buytaert <dries@buytaert.net>
Date: Wed, 18 Mar 2009 09:21:21 +0000
Subject: - Patch #309586 by mr.baileys: IP address from XFF header contains
 spaces and improved code comments.

---
 includes/bootstrap.inc | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index a73a969b4..3a18ec71b 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -1351,10 +1351,11 @@ function ip_address($reset = FALSE) {
         // the XFF header if request really comes from one of them.
         $reverse_proxy_addresses = variable_get('reverse_proxy_addresses', array());
         if (!empty($reverse_proxy_addresses) && in_array($ip_address, $reverse_proxy_addresses, TRUE)) {
-          // If there are several arguments, we need to check the most
-          // recently added one, i.e. the last one.
+          // The "X-Forwarded-For" header is a comma+space separated list of IP addresses,
+          // the left-most being the farthest downstream client. If there is more than
+          // one proxy, we are interested in the most recent one (i.e. last one in the list).
           $ip_address_parts = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
-          $ip_address = array_pop($ip_address_parts);
+          $ip_address = trim(array_pop($ip_address_parts));
         }
       }
 
-- 
cgit v1.2.3