
Push security fix for IP address.

Mark Scherer 9 年之前
父节点
当前提交
1e3f64e3bd

+ 3 - 13
src/Utility/Utility.php

@@ -148,20 +148,10 @@ class Utility {
 	public static function getClientIp($safe = true) {
 		if (!$safe && env('HTTP_X_FORWARDED_FOR')) {
 			$ipaddr = preg_replace('/(?:,.*)/', '', env('HTTP_X_FORWARDED_FOR'));
+		} elseif (!$safe && env('HTTP_CLIENT_IP')) {
+			$ipaddr = env('HTTP_CLIENT_IP');
 		} else {
-			if (env('HTTP_CLIENT_IP')) {
-				$ipaddr = env('HTTP_CLIENT_IP');
-			} else {
-				$ipaddr = env('REMOTE_ADDR');
-			}
-		}
-
-		if (env('HTTP_CLIENTADDRESS')) {
-			$tmpipaddr = env('HTTP_CLIENTADDRESS');
-
-			if (!empty($tmpipaddr)) {
-				$ipaddr = preg_replace('/(?:,.*)/', '', $tmpipaddr);
-			}
+			$ipaddr = env('REMOTE_ADDR');
 		}
 		return trim($ipaddr);
 	}
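Review bot: The two `!$safe` branches still return whatever the request put in `HTTP_X_FORWARDED_FOR` or `HTTP_CLIENT_IP`, trimmed but never checked to be an IP address, so a caller passing `false` can receive an arbitrary client-chosen string and carry it into logs or comparisons. Before the `return`, validate the value and fall back to the socket address, for example `if (filter_var(trim((string)$ipaddr), FILTER_VALIDATE_IP) === false) { $ipaddr = env('REMOTE_ADDR'); }`. The method's docblock lies outside the hunk; if it does not already say so, it should state that `$safe = false` trusts client-supplied headers and is only meaningful behind a reverse proxy that overwrites them. `env('REMOTE_ADDR')` is presumably empty under CLI, in which case `trim()` would receive a non-string value, so the same cast helps there too.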

+ 1 - 1
tests/TestCase/BootstrapTest.php

@@ -21,7 +21,7 @@ class BootstrapTest extends TestCase {
 	/**
 	 * BootstrapTest::testStartsWith()
 	 *
-	 * return void
+	 * @return void
 	 */
 	public function testStartsWith() {
 		$strings = [

+ 5 - 0
tests/TestCase/Model/Behavior/PasswordableBehaviorTest.php

@@ -196,6 +196,7 @@ class PasswordableBehaviorTest extends TestCase {
 
 	/**
 	 * Test aliases for field names
+	 * @return void
 	 */
 	public function testDifferentFieldNames() {
 		$this->Users->addBehavior('Tools.Passwordable', [
@@ -216,6 +217,7 @@ class PasswordableBehaviorTest extends TestCase {
 
 	/**
 	 * Assert that allowSame false does not allow storing the same password as previously entered
+	 * @return void
 	 */
 	public function testNotSame() {
 		$this->Users->addBehavior('Tools.Passwordable', [
@@ -251,6 +253,7 @@ class PasswordableBehaviorTest extends TestCase {
 
 	/**
 	 * Assert that allowSame false does not allow storing the same password as previously entered
+	 * @return void
 	 */
 	public function testNotSameWithoutCurrentField() {
 		$this->Users->addBehavior('Tools.Passwordable', [
@@ -292,6 +295,7 @@ class PasswordableBehaviorTest extends TestCase {
 
 	/**
 	 * Assert that on edit it does not wrongly pass validation (require => false)
+	 * @return void
 	 */
 	public function testRequireFalse() {
 		$this->Users->addBehavior('Tools.Passwordable', [
@@ -344,6 +348,7 @@ class PasswordableBehaviorTest extends TestCase {
 
 	/**
 	 * Needs faking of pwd check...
+	 * @return void
 	 */
 	public function testValidateCurrent() {
 		$this->assertFalse($this->Users->behaviors()->has('Passwordable'));

+ 3 - 0
tests/TestCase/Utility/MimeTest.php

@@ -63,6 +63,7 @@ class MimeTest extends TestCase {
 
 	/**
 	 * Test fake files
+	 * @return void
 	 */
 	public function testCorrectFileExtension() {
 		file_put_contents(TMP . 'sometest.txt', 'xyz');
@@ -73,6 +74,7 @@ class MimeTest extends TestCase {
 
 	/**
 	 * Test fake files
+	 * @return void
 	 */
 	public function testWrongFileExtension() {
 		file_put_contents(TMP . 'sometest.zip', 'xyz');
@@ -101,6 +103,7 @@ class MimeTest extends TestCase {
 
 	/**
 	 * Test fake files
+	 * @return void
 	 */
 	public function testEncoding() {
 		file_put_contents(TMP . 'sometest.txt', 'xyz');

+ 1 - 0
tests/TestCase/Utility/NumberTest.php

@@ -248,6 +248,7 @@ class NumberTest extends TestCase {
 	}
 
 	/**
+	 * @return void
 	 */
 	public function testGetDecimalPlaces() {
 		$values = [

+ 2 - 0
tests/TestCase/View/Helper/GravatarHelperTest.php

@@ -13,6 +13,7 @@ class GravatarHelperTest extends TestCase {
 
 	/**
 	 * SetUp method
+	 * @return void
 	 */
 	public function setUp() {
 		parent::setUp();
@@ -25,6 +26,7 @@ class GravatarHelperTest extends TestCase {
 
 	/**
 	 * TearDown method
+	 * @return void
 	 */
 	public function tearDown() {
 		parent::tearDown();

+ 1 - 0
tests/TestCase/View/Helper/TextHelperTest.php

@@ -168,6 +168,7 @@ class TextHelperTest extends TestCase {
 
 	/**
 	 * Combined (emails + urls)
+	 * @return void
 	 */
 	public function testAutoLink() {
 		$text = 'Text <i>with a url</i> www.cot.ag?id=2&sub=3 and some email@domain.com more';

+ 2 - 0
tests/TestCase/View/Helper/TreeHelperTest.php

@@ -36,6 +36,8 @@ class TreeHelperTest extends TestCase {
 	 * - Three
 	 * - Four
 	 * -- Four-SubA
+	 *
+	 * @return void
 	 */
 	public function setUp() {
 		parent::setUp();