From b046990153170612bbef1c86b7e2e4785d8ba3a6 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Sun, 20 Feb 2022 11:49:57 +0100
Subject: [PATCH] fix: [flood protection] default to REMOTE_ADDR if the
 selected default logging IP source header is not populated

---
 src/Controller/Component/FloodProtectionComponent.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/Controller/Component/FloodProtectionComponent.php b/src/Controller/Component/FloodProtectionComponent.php
index 6fbd0ec..ff45590 100644
--- a/src/Controller/Component/FloodProtectionComponent.php
+++ b/src/Controller/Component/FloodProtectionComponent.php
@@ -17,6 +17,9 @@ class FloodProtectionComponent extends Component
     public function initialize(array $config): void
     {
         $ip_source = Configure::check('security.logging.ip_source') ? Configure::read('security.logging.ip_source') : 'REMOTE_ADDR';
+        if (!isset($_SERVER[$ip_source])) {
+            $ip_source = 'REMOTE_ADDR';
+        }
         $this->remote_ip = $_SERVER[$ip_source];
         $temp = explode(PHP_EOL, $_SERVER[$ip_source]);
         if (count($temp) > 1) {