Check user address against X-Forwarded-For

Andy Janata 2018-06-13 11:46:59 -07:00
parent d8740258d7
commit 9e8aa1eb7b
1 changed files with 3 additions and 1 deletions


@ -48,6 +48,7 @@ import net.socialgamer.cah.Constants.AjaxResponse;
import net.socialgamer.cah.Constants.ErrorCode;
import net.socialgamer.cah.Constants.ReturnableData;
import net.socialgamer.cah.Constants.SessionAttribute;
import net.socialgamer.cah.RequestWrapper;
import net.socialgamer.cah.StartupUtils;
import net.socialgamer.cah.data.User;
@ -107,7 +108,8 @@ public abstract class CahServlet extends HttpServlet {
|| op.equals(AjaxOperation.FIRST_LOAD.toString()));
if (!skipSessionUserCheck && hSession.getAttribute(SessionAttribute.USER) == null) {
returnError(user, response.getWriter(), ErrorCode.NOT_REGISTERED, serial);
} else if (user != null && !user.isValidFromHost(request.getRemoteAddr())) {
} else if (user != null
&& !user.isValidFromHost(new RequestWrapper(request).getRemoteAddr())) {
// user probably pinged out, or possibly kicked by admin
// or their IP address magically changed (working around a ban?)
hSession.invalidate();
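Review bot: The session-to-host check on the new `!user.isValidFromHost(new RequestWrapper(request).getRemoteAddr())` condition now depends on whatever `RequestWrapper.getRemoteAddr()` returns, and the commit title indicates that is derived from X-Forwarded-For, a header the client controls unless a trusted proxy sets or strips it. RequestWrapper is not shown on this page, so it should be confirmed that it honors the header only when `request.getRemoteAddr()` is a configured proxy address and that it picks a well-defined entry when the header carries a comma-separated list. Otherwise the value compared here is client-supplied, which weakens the check the neighbouring comment associates with ban evasion. I would record the assumption at the call site, e.g. `// address may come from X-Forwarded-For; only meaningful behind a proxy that sets or strips that header`. The enclosing method starts and ends outside the hunk.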