From 70a32e5106011a1c7616a082dd7ed6505c92d36c Mon Sep 17 00:00:00 2001 From: John Kingsnorth Date: Mon, 28 Nov 2022 13:17:46 +0000 Subject: [PATCH] Use IP address helper method consistently --- CRM/Api4/Page/AJAX.php | 4 ++-- CRM/Core/IDS.php | 4 ++-- CRM/Core/Page/AJAX/Attachment.php | 2 +- CRM/Utils/REST.php | 6 +++--- CRM/Utils/System.php | 2 +- ext/recaptcha/CRM/Utils/ReCAPTCHA.php | 2 +- 6 files changed, 10 insertions(+), 10 deletions(-) diff --git a/CRM/Api4/Page/AJAX.php b/CRM/Api4/Page/AJAX.php index 638d547624..3b57e2bc2d 100644 --- a/CRM/Api4/Page/AJAX.php +++ b/CRM/Api4/Page/AJAX.php @@ -29,7 +29,7 @@ class CRM_Api4_Page_AJAX extends CRM_Core_Page { ]; Civi::log()->debug("SECURITY ALERT: Ajax requests can only be issued by javascript clients, eg. CRM.api4().", [ - 'IP' => $_SERVER['REMOTE_ADDR'], + 'IP' => CRM_Utils_System::ipAddress(), 'level' => 'security', 'referer' => $_SERVER['HTTP_REFERER'], 'reason' => 'CSRF suspected', @@ -48,7 +48,7 @@ class CRM_Api4_Page_AJAX extends CRM_Core_Page { ]; Civi::log()->debug("SECURITY: All requests that modify the database must be http POST, not GET.", [ - 'IP' => $_SERVER['REMOTE_ADDR'], + 'IP' => CRM_Utils_System::ipAddress(), 'level' => 'security', 'referer' => $_SERVER['HTTP_REFERER'], 'reason' => 'Destructive HTTP GET', diff --git a/CRM/Core/IDS.php b/CRM/Core/IDS.php index fb8a01974a..ebdcda430c 100644 --- a/CRM/Core/IDS.php +++ b/CRM/Core/IDS.php @@ -233,7 +233,7 @@ class CRM_Core_IDS { */ private function log($result, $reaction = 0) { // Include X_FORWARD_FOR ip address if set as per IDS patten. - $ip = $_SERVER['REMOTE_ADDR'] . (isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? ' (' . $_SERVER['HTTP_X_FORWARDED_FOR'] . ')' : ''); + $ip = CRM_Utils_System::ipAddress() . (isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? ' (' . $_SERVER['HTTP_X_FORWARDED_FOR'] . ')' : ''); $data = []; $session = CRM_Core_Session::singleton(); 
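Review bot: The `'referer' => $_SERVER['HTTP_REFERER']` entry beside the changed `IP` line is read without a guard, and a request that trips this CSRF check is the kind that often arrives with no Referer header, so the security log call itself raises an undefined-key warning. Reading it as `'referer' => $_SERVER['HTTP_REFERER'] ?? NULL,` keeps the entry clean. The same unguarded read sits next to the changed line in the second hunk of this file, in the `@@ -285` hunk of CRM/Core/IDS.php, in CRM/Core/Page/AJAX/Attachment.php (via `$server`) and in all three CRM/Utils/REST.php hunks. The value is client-supplied, so whatever consumes these log entries should treat it as untrusted text. The enclosing method starts and ends outside the hunk.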
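Review bot: In CRM/Core/IDS.php `log()`, `$ip` no longer records the connecting peer. According to the helper's docblock in the CRM/Utils/System.php hunk, the helper can return a proxy-resolved address, and the parenthesised part is still the raw `X-Forwarded-For` header. Behind a proxy the IDS entry may therefore hold two header-derived values and no socket address, which weakens it as evidence if the proxy trust configuration is wrong. I would keep the peer in the string as well, for example by appending `' [peer ' . ($_SERVER['REMOTE_ADDR'] ?? 'unknown') . ']'`. The comment above the line should then read `// Resolved client IP, the socket peer, and the raw (untrusted) X-Forwarded-For header if present.` `log()` continues outside the hunk.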
@@ -285,7 +285,7 @@ class CRM_Core_IDS { $error = civicrm_api3_create_error( $msg, [ - 'IP' => $_SERVER['REMOTE_ADDR'], + 'IP' => CRM_Utils_System::ipAddress(), 'error_code' => 'IDS_KICK', 'level' => 'security', 'referer' => $_SERVER['HTTP_REFERER'], diff --git a/CRM/Core/Page/AJAX/Attachment.php b/CRM/Core/Page/AJAX/Attachment.php index ec4ebd4fbf..15c3fb610e 100644 --- a/CRM/Core/Page/AJAX/Attachment.php +++ b/CRM/Core/Page/AJAX/Attachment.php @@ -54,7 +54,7 @@ class CRM_Core_Page_AJAX_Attachment { require_once 'api/v3/utils.php'; $results[$key] = civicrm_api3_create_error("SECURITY ALERT: Attaching files via AJAX requires a recent, valid token.", [ - 'IP' => $server['REMOTE_ADDR'], + 'IP' => CRM_Utils_System::ipAddress(), 'level' => 'security', 'referer' => $server['HTTP_REFERER'], 'reason' => 'CSRF suspected', diff --git a/CRM/Utils/REST.php b/CRM/Utils/REST.php index 0a4e9aa4fa..9a2f7ee25e 100644 --- a/CRM/Utils/REST.php +++ b/CRM/Utils/REST.php @@ -277,7 +277,7 @@ class CRM_Utils_REST { require_once 'api/v3/utils.php'; return civicrm_api3_create_error("SECURITY: All requests that modify the database must be http POST, not GET.", [ - 'IP' => $_SERVER['REMOTE_ADDR'], + 'IP' => CRM_Utils_System::ipAddress(), 'level' => 'security', 'referer' => $_SERVER['HTTP_REFERER'], 'reason' => 'Destructive HTTP GET', @@ -430,7 +430,7 @@ class CRM_Utils_REST { if (!$config->debug && !self::isWebServiceRequest()) { $error = civicrm_api3_create_error("SECURITY ALERT: Ajax requests can only be issued by javascript clients, eg. CRM.api3().", [ - 'IP' => $_SERVER['REMOTE_ADDR'], + 'IP' => CRM_Utils_System::ipAddress(), 'level' => 'security', 'referer' => $_SERVER['HTTP_REFERER'], 'reason' => 'CSRF suspected', 
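Review bot: In CRM/Core/Page/AJAX/Attachment.php the `IP` field now comes from global request state, while `referer` on the next line is still read from the `$server` array, so one log entry mixes two sources. `$server` is defined outside the hunk; if it is passed in so that callers or tests can supply request data, an entry built from a substituted `$server` will carry the live process's address rather than the supplied one. If that is intended, say so at the call site with a comment such as `// IP is resolved from the live request (proxy-aware); $server only supplies the referer.`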
@@ -492,7 +492,7 @@ class CRM_Utils_REST { require_once 'api/v3/utils.php'; $error = civicrm_api3_create_error("SECURITY ALERT: Ajax requests can only be issued by javascript clients, eg. CRM.api3().", [ - 'IP' => $_SERVER['REMOTE_ADDR'], + 'IP' => CRM_Utils_System::ipAddress(), 'level' => 'security', 'referer' => $_SERVER['HTTP_REFERER'], 'reason' => 'CSRF suspected', diff --git a/CRM/Utils/System.php b/CRM/Utils/System.php index 345db10a47..9ce478fe6f 100644 --- a/CRM/Utils/System.php +++ b/CRM/Utils/System.php @@ -1272,7 +1272,7 @@ class CRM_Utils_System { } /** - * Get logged in user's IP address. + * Get the client's IP address. * * Get IP address from HTTP REMOTE_ADDR header. If the CMS is Drupal then use * the Drupal function as this also handles reverse proxies (based on proper diff --git a/ext/recaptcha/CRM/Utils/ReCAPTCHA.php b/ext/recaptcha/CRM/Utils/ReCAPTCHA.php index e4283cb4d8..4381a6092c 100644 --- a/ext/recaptcha/CRM/Utils/ReCAPTCHA.php +++ b/ext/recaptcha/CRM/Utils/ReCAPTCHA.php @@ -215,7 +215,7 @@ class CRM_Utils_ReCAPTCHA { require_once E::path('lib/recaptcha/recaptchalib.php'); $resp = recaptcha_check_answer(CRM_Core_Config::singleton()->recaptchaPrivateKey, - $_SERVER['REMOTE_ADDR'], + CRM_Utils_System::ipAddress(), $response ); return $resp->is_valid; -- 2.25.1
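Review bot: The CRM/Utils/System.php docblock still says the address comes from the "HTTP REMOTE_ADDR header", but REMOTE_ADDR is the socket peer reported by the web server, not a request header. The distinction matters now that this helper feeds the security log entries and the reCAPTCHA check changed elsewhere in this patch. I would reword that sentence to `Get IP address from the REMOTE_ADDR server variable (the connecting peer).` I would also add a line stating that when the CMS resolves the address through its reverse-proxy handling, the result is only as trustworthy as the configured proxy list. The docblock and the function body continue outside the hunk.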