If someone installs IPFuck for Firefox, they can forge the X-FORWARDED-FOR, CLIENT-IP & VIA headers to make their IP address look like another user's.
What they can do with this is post an account recovery thread and if an admin checks their IP, it will match the other user's IP. You idiots need to use REMOTE_ADDR so this doesn't happen. Please fix this @Philly
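The difference the post describes, as an added example (not the forum's own code; its stack is not stated, so this uses a CGI/WSGI-style `environ` dict where these headers appear as `HTTP_*` keys next to `REMOTE_ADDR`). The function names and the `TRUSTED_PROXIES` address are hypothetical, and the example goes one step beyond the post by also covering a site that sits behind its own reverse proxy.

```python
import ipaddress

# Hypothetical: addresses of reverse proxies the site itself operates.
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}

def client_ip_spoofable(environ):
    """Flawed pattern: client-supplied headers win over the socket address."""
    for key in ("HTTP_X_FORWARDED_FOR", "HTTP_CLIENT_IP"):
        value = environ.get(key)
        if value:
            return value.split(",")[0].strip()
    return environ["REMOTE_ADDR"]

def client_ip(environ, trusted_proxies=TRUSTED_PROXIES):
    """Use REMOTE_ADDR (the TCP peer). X-Forwarded-For is read only when the
    peer is one of our own proxies; Client-IP and Via are never consulted."""
    peer = ipaddress.ip_address(environ["REMOTE_ADDR"])
    if peer not in trusted_proxies:
        return str(peer)
    # Walk right to left: the rightmost entries were appended by our proxies,
    # anything further left came from the client and may be forged.
    raw = environ.get("HTTP_X_FORWARDED_FOR", "")
    hops = [h.strip() for h in raw.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: stop trusting the header
        if addr not in trusted_proxies:
            return str(addr)
    return str(peer)

# Constructed sample requests (documentation address ranges, not real users).
FORGED_DIRECT = {
    "REMOTE_ADDR": "203.0.113.7",             # real connection source
    "HTTP_X_FORWARDED_FOR": "198.51.100.23",  # forged: another user's IP
    "HTTP_CLIENT_IP": "198.51.100.23",
    "HTTP_VIA": "1.1 198.51.100.23",
}
FORGED_VIA_PROXY = {
    "REMOTE_ADDR": "10.0.0.5",  # our proxy, which appended the real source
    "HTTP_X_FORWARDED_FOR": "198.51.100.23, 203.0.113.7",
}

if __name__ == "__main__":
    print(client_ip_spoofable(FORGED_DIRECT), client_ip(FORGED_DIRECT))
```

An IP lookup built on `client_ip` shows the real connection source for both constructed requests, so a forged header no longer makes one account's IP match another's.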