Fix getRealIP() to only return originating user's source IP

mbandizzle · web-flow · commit e0c1ee85eb0a · 2021-03-01T13:25:47.000-08:00
If we end up with a list of IP addresses, then we only want the first one which will be the requesting user's IP.
diff --git a/interceptors/Security.cfc b/interceptors/Security.cfc
@@ -737,7 +737,7 @@ component accessors="true" extends="coldbox.system.Interceptor" {
 			return headers[ "X-Forwarded-For" ];
 		}
 
-		return len( CGI.REMOTE_ADDR ) ? CGI.REMOTE_ADDR : "127.0.0.1";
+		return len( CGI.REMOTE_ADDR ) ? trim( listFirst( CGI.REMOTE_ADDR ) ) : "127.0.0.1";
 	}
 
 	/**

Original file line number	Diff line number	Diff line change
`@@ -737,7 +737,7 @@ component accessors="true" extends="coldbox.system.Interceptor" {`
`737`	`737`	`return headers[ "X-Forwarded-For" ];`
`738`	`738`	`}`
`739`	`739`
`740`		`- return len( CGI.REMOTE_ADDR ) ? CGI.REMOTE_ADDR : "127.0.0.1";`
	`740`	`+ return len( CGI.REMOTE_ADDR ) ? trim( listFirst( CGI.REMOTE_ADDR ) ) : "127.0.0.1";`
`741`	`741`	`}`
`742`	`742`
`743`	`743`	`/**`