]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blobdiff - IkiWiki/Plugin/lockedit.pm
passwordauth: avoid userinfo forgery via repeated email parameter
[git.ikiwiki.info.git] / IkiWiki / Plugin / lockedit.pm
index 1466e8337f5f16c74c6f809f7af7a62bfadfb56e..5b50fd11509c07cf301b6f9a500331bff4392f93 100644 (file)
@@ -38,7 +38,7 @@ sub canedit ($$) {
        if (defined $config{locked_pages} && length $config{locked_pages} &&
            pagespec_match($page, $config{locked_pages},
                    user => $session->param("name"),
        if (defined $config{locked_pages} && length $config{locked_pages} &&
            pagespec_match($page, $config{locked_pages},
                    user => $session->param("name"),
-                   ip => $ENV{REMOTE_ADDR},
+                   ip => $session->remote_addr(),
            )) {
                if ((! defined $user ||
                    ! IkiWiki::userinfo_get($session->param("name"), "regdate")) &&
            )) {
                if ((! defined $user ||
                    ! IkiWiki::userinfo_get($session->param("name"), "regdate")) &&