From c152f85b50cf38c83562bd9e7dfde543cce0d49e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Steven=20Andr=C3=A9s?=
 <stevenandres@users.noreply.github.com>
Date: Thu, 7 May 2020 16:45:24 -0700
Subject: [PATCH] removed $remoteip that the audit didn't like

---
 lib/Controller.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/lib/Controller.php b/lib/Controller.php
index 45b6dac..00bd981 100644
--- a/lib/Controller.php
+++ b/lib/Controller.php
@@ -201,13 +201,13 @@ class Controller
         if (($option = $this->_conf->getKey('header', 'traffic')) !== null) {
             $httpHeader = 'HTTP_' . $option;
             if (array_key_exists($httpHeader, $_SERVER) && !empty($_SERVER[$httpHeader])) {
-                $remoteip = $_SERVER[$httpHeader];
+                // compare source IP from web server with whitelist
+                if(!in_array($_SERVER[$httpHeader], $whitelist)) {
+                    $this->_return_message(1, I18n::_('Your IP is not authorized to create pastes.'));
+                    return;
+                }                
             }
         }
-        if(!in_array($remoteip, $whitelist)) {
-            $this->_return_message(1, I18n::_('Your IP is not authorized to create pastes.'));
-            return;
-        }
         
         // Ensure last paste from visitors IP address was more than configured amount of seconds ago.
         TrafficLimiter::setConfiguration($this->_conf);