Here users from all over the world gather around to learn the latest about Chevereto and contribute with ideas to improve the software.
Please keep in mind:
CHEVERETO_DB_TABLE_PREFIXwith empty string the system was failing to detect the database connection. This release fixes this issue.
composer.jsonand then run
composer updateto push the fixed package in your setups.
REMOTE_ADDR, which in proxy setup points to the proxy TCP IP (and not the client IP) which drives a lot of issues. To fix this, I'm introducing the variable
CHEVERETO_HEADER_CLIENT_IPwhich will allow you to configure the header for client IP.
X-Real-IPyou only need to set
CHEVERETO_HEADER_CLIENT_IP=X-Real-IPto instruct Chevereto to trust in that header for client IP detection.
$_SERVER['HTTP_X_FORWARDED_FOR']which can be spoofed at client layer when not using a proxy. In other words, unless using a proxy Akismet was vulnerable to fake IPs due to this unsafe header handling. This revision fixes this bug.