From a520f331c16fc703cc92d5b9853fb91805f82305 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 17 Dec 2013 03:21:05 -0500
Subject: [PATCH] Fix handling of X-Forwarded-For header with multiple addresses (#1489481)

---
 program/steps/mail/sendmail.inc |    7 ++++---
 1 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/program/steps/mail/sendmail.inc b/program/steps/mail/sendmail.inc
index fe966a4..f26034f 100644
--- a/program/steps/mail/sendmail.inc
+++ b/program/steps/mail/sendmail.inc
@@ -345,9 +345,10 @@
   $nldlm = "\r\n\t";
   // FROM/VIA
   $http_header = 'from ';
-  if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
-    $host = $_SERVER['HTTP_X_FORWARDED_FOR'];
-    $hostname = gethostbyaddr($host);
+  if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
+    $hosts    = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR'], 2);
+    $hostname = gethostbyaddr($hosts[0]);
+
     if ($CONFIG['http_received_header_encrypt']) {
       $http_header .= rcmail_encrypt_header($hostname);
       if ($host != $hostname)

--
Gitblit v1.9.1