FEATURE: Check to confirm if PHP REMOTE_ADDR is set properly - Githubissues

cloudflare / Cloudflare-WordPress

A Cloudflare plugin for WordPress

https://www.cloudflare.com/wordpress/

BSD 3-Clause "New" or "Revised" License

216 stars 83 forks source link

FEATURE: Check to confirm if PHP REMOTE_ADDR is set properly #533

Closed jordantrizz closed 2 months ago

jordantrizz commented 9 months ago

Confirmation

[X] My issue isn't already found on the issue tracker.
[X] I have replicated my issue using the latest version of the plugin and it is still present.

WordPress version

6.4.3

Cloudflare-WordPress version

4.12.4

PHP version

8.0

Expected result

There are tests to ensure that PHP's REMOTE_ADDR is correctly providing non-Cloudflare IP's as per this article.

https://snicco.io/blog/how-to-safely-get-the-ip-address-in-a-wordpress-plugin

I would go further and put in detection to confirm the site is proxied.

Actual result

A warning that PHP's REMOTE_ADDR is misconfigured or spoofed.

Steps to reproduce

Install Cloudflare Plugin

Additional factoids

No response

References

No response

github-actions[bot] commented 3 months ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.