blackteay/gin
3
0
Fork 0
mirror of https://github.com/gin-gonic/gin.git synced 2025-05-10 04:29:09 +08:00
Code Issues Projects Releases Wiki Activity

fix bug in validateHeader

Browse Source
This commit is contained in:
trigun 2023-03-03 12:42:18 +03:00
parent a889c58de7
commit 41a4159766
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
gin.go
View File

@ -463,17 +463,20 @@ func (engine *Engine) validateHeader(header string) (clientIP string, valid bool
for i := len(items) - 1; i >= 0; i-- { for i := len(items) - 1; i >= 0; i-- {
ipStr := strings.TrimSpace(items[i]) ipStr := strings.TrimSpace(items[i])
ip := net.ParseIP(ipStr) ip := net.ParseIP(ipStr)
valid = true
if ip == nil { if ip == nil {
break ipStr = ""
valid = false
} }
// X-Forwarded-For is appended by proxy // X-Forwarded-For is appended by proxy
// Check IPs in reverse order and stop when find untrusted proxy // Check IPs in reverse order and stop when find untrusted proxy
if (i == 0) || (!engine.isTrustedProxy(ip)) { if valid && (!engine.isTrustedProxy(ip)) {
return ipStr, true return ipStr, valid
} }
} }
return "", false return "", valid
} }
// parseIP parse a string representation of an IP and returns a net.IP with the // parseIP parse a string representation of an IP and returns a net.IP with the