From 91fdf629b4b7de4b73161e9f02918d6f0488c16b Mon Sep 17 00:00:00 2001 From: Tanguy Pruvot Date: Sat, 5 Aug 2017 02:31:28 +0200 Subject: [PATCH] Revert "admin: prevent ip spoofing for admin routes" This reverts commit e3ed4a75b975333690371b3c2fd3d249536e96ae. Not the right place to check this header... --- web/yaamp/modules/common/CommonController.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/yaamp/modules/common/CommonController.php b/web/yaamp/modules/common/CommonController.php index c37e49f..1466ac7 100644 --- a/web/yaamp/modules/common/CommonController.php +++ b/web/yaamp/modules/common/CommonController.php @@ -22,7 +22,7 @@ class CommonController extends CController $this->memcache = new YaampMemcache; $this->t1 = microtime(true); - if(user()->getState('yaamp_admin') && !isset($_SERVER['HTTP_X_FORWARDED_FOR'])) { + if(user()->getState('yaamp_admin')) { $this->admin = true; $client_ip = arraySafeVal($_SERVER,'REMOTE_ADDR'); if (!isAdminIP($client_ip)) {