Merge 41a41597662ddd5f2a4963108aa72d9da2a6cc6b into e88fc8927a52b74f55bec0351604a56ac0aa1c51

fix bug in validateHeader
2026-06-13 00:59:29 +08:00 · 2025-11-21 10:24:17 +01:00 · 2023-03-03 12:42:18 +03:00
1 changed files with 7 additions and 4 deletions
--- a/gin.go
+++ b/gin.go
@ -485,17 +485,20 @@ func (engine *Engine) validateHeader(header string) (clientIP string, valid bool
 	for i := len(items) - 1; i >= 0; i-- {
 		ipStr := strings.TrimSpace(items[i])
 		ip := net.ParseIP(ipStr)
+		valid = true
+
 		if ip == nil {
-			break
+			ipStr = ""
+			valid = false
 		}

 		// X-Forwarded-For is appended by proxy
 		// Check IPs in reverse order and stop when find untrusted proxy
-		if (i == 0) || (!engine.isTrustedProxy(ip)) {
-			return ipStr, true
+		if valid && (!engine.isTrustedProxy(ip)) {
+			return ipStr, valid
 		}
 	}
-	return "", false
+	return "", valid
 }

 // updateRouteTree do update to the route tree recursively
Author	SHA1	Message	Date
Trygun	aa55116299	Merge 41a41597662ddd5f2a4963108aa72d9da2a6cc6b into e88fc8927a52b74f55bec0351604a56ac0aa1c51	2025-11-21 10:24:17 +01:00
trigun	41a4159766	fix bug in validateHeader	2023-03-03 12:42:18 +03:00