narfbg/proxies-fix.diff

## proxies-fix.diff
diff --git a/system/core/Input.php b/system/core/Input.php
index 968a42a..c3d8980 100644
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -328,34 +328,42 @@ class CI_Input {
                        return $this->ip_address;
                }

-               if (config_item('proxy_ips') != '' && $this->server('HTTP_X_FORWARDED_FOR') && $this->server('REMOTE_ADDR'))
+               $proxies = config_item('proxy_ips');
+               if ( ! empty($proxies) && $this->server('HTTP_X_FORWARDED_FOR') && $this->server('REMOTE_ADDR'))
                {
-                       $has_ranges = strpos($proxies, '/') !== false;
-                       $proxies = preg_split('/[\s,]/', config_item('proxy_ips'), -1, PREG_SPLIT_NO_EMPTY);
-                       $proxies = is_array($proxies) ? $proxies : array($proxies);
-
-                       if ($has_ranges)
+                       is_array($proxies) OR $proxies = preg_split('/[\s,]/', $proxies, -1, PREG_SPLIT_NO_EMPTY);
+
+                       if (in_array($_SERVER['REMOTE_ADDR'], $proxies, TRUE))
+                       {
+                               $this->ip_address = $_SERVER['HTTP_X_FORWARDED_FOR'];
+                       }
+                       else
                        {
                                $long_ip = ip2long($_SERVER['REMOTE_ADDR']);
-                               $bit_32 = 1 << 32;

                                // Go through each of the IP Addresses to check for and
                                // test against range notation
-                               foreach($proxies as $ip)
+                               foreach ($proxies as $proxy)
                                {
-                                       list($address, $mask_length) = explode('/', $ip);
-
-                                       // Generate the bitmask for a 32 bit IP Address
-                                       $bitmask = $bit_32 - (1 << (32 - (int)$mask_length));
-                                       if (($long_ip & $bitmask) == $address)
+                                       if (strrchr($proxy, '/') !== FALSE)
                                        {
-                                               $this->ip_address = $_SERVER['HTTP_X_FORWARDED_FOR'];
-                                               break;
+                                               list($address, $mask_length) = explode('/', $proxy, 2);
+
+                                               // Generate the bitmask for a 32 bit IP Address
	diff --git a/system/core/Input.php b/system/core/Input.php
	index 968a42a..c3d8980 100644
	--- a/system/core/Input.php
	+++ b/system/core/Input.php
	@@ -328,34 +328,42 @@ class CI_Input {
	return $this->ip_address;
	}

	- if (config_item('proxy_ips') != '' && $this->server('HTTP_X_FORWARDED_FOR') && $this->server('REMOTE_ADDR'))
	+ $proxies = config_item('proxy_ips');
	+ if ( ! empty($proxies) && $this->server('HTTP_X_FORWARDED_FOR') && $this->server('REMOTE_ADDR'))
	{
	- $has_ranges = strpos($proxies, '/') !== false;
	- $proxies = preg_split('/[\s,]/', config_item('proxy_ips'), -1, PREG_SPLIT_NO_EMPTY);
	- $proxies = is_array($proxies) ? $proxies : array($proxies);
	-
	- if ($has_ranges)
	+ is_array($proxies) OR $proxies = preg_split('/[\s,]/', $proxies, -1, PREG_SPLIT_NO_EMPTY);
	+
	+ if (in_array($_SERVER['REMOTE_ADDR'], $proxies, TRUE))
	+ {
	+ $this->ip_address = $_SERVER['HTTP_X_FORWARDED_FOR'];
	+ }
	+ else
	{
	$long_ip = ip2long($_SERVER['REMOTE_ADDR']);
	- $bit_32 = 1 << 32;

	// Go through each of the IP Addresses to check for and
	// test against range notation
	- foreach($proxies as $ip)
	+ foreach ($proxies as $proxy)
	{
	- list($address, $mask_length) = explode('/', $ip);
	-
	- // Generate the bitmask for a 32 bit IP Address
	- $bitmask = $bit_32 - (1 << (32 - (int)$mask_length));
	- if (($long_ip & $bitmask) == $address)
	+ if (strrchr($proxy, '/') !== FALSE)
	{
	- $this->ip_address = $_SERVER['HTTP_X_FORWARDED_FOR'];
	- break;
	+ list($address, $mask_length) = explode('/', $proxy, 2);
	+
	+ // Generate the bitmask for a 32 bit IP Address