fix(security): rate limiting based on REMOTE_ADDR only

X-Forwarded-For is a spoofable client header; REMOTE_ADDR is the TCP IP.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
isUnknown 2026-03-21 09:25:27 +01:00
parent 1ee0a4e640
commit 3499fd0d34


@ -25,7 +25,7 @@ return [
} }
// ── Rate limiting (5 req / hour / IP) ───────────────────── // ── Rate limiting (5 req / hour / IP) ─────────────────────
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'] ?? $_SERVER['REMOTE_ADDR'] ?? 'unknown'; $ip = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
$cacheKey = 'wp-dl-' . md5($ip); $cacheKey = 'wp-dl-' . md5($ip);
$cache = kirby()->cache('pages'); $cache = kirby()->cache('pages');
$hits = (int)($cache->get($cacheKey) ?? 0); $hits = (int)($cache->get($cacheKey) ?? 0);
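Review bot: the new line `$ip = $_SERVER['REMOTE_ADDR'] ?? 'unknown';` is only correct if PHP terminates the client TCP connection directly; behind a reverse proxy or load balancer REMOTE_ADDR is the proxy's address, so every client lands in the same `wp-dl-` bucket and the 5 req/hour limit applies to all proxied traffic at once. The comment `// ── Rate limiting (5 req / hour / IP)` should state that no-proxy deployment assumption, and if a proxy is ever placed in front, the fix is to honour X-Forwarded-For only when REMOTE_ADDR matches a configured list of trusted proxy addresses, never unconditionally as the removed line did. Minor: the `'unknown'` fallback also collapses any request lacking REMOTE_ADDR into one shared counter; failing closed (reject) would be safer than sharing a bucket.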