Index: branches/5.3.x/core/kernel/utility/debugger.php
===================================================================
diff -u -N -r15578 -r15677
--- branches/5.3.x/core/kernel/utility/debugger.php	(.../debugger.php)	(revision 15578)
+++ branches/5.3.x/core/kernel/utility/debugger.php	(.../debugger.php)	(revision 15677)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: debugger.php 15578 2012-10-16 13:55:05Z alex $
+* @version	$Id: debugger.php 15677 2013-01-17 18:52:50Z alex $
 * @package	In-Portal
 * @copyright	Copyright (C) 1997 - 2009 Intechnic. All rights reserved.
 * @license      GNU/GPL
@@ -22,6 +22,13 @@
 		class DebuggerUtil {
 
 			/**
+			 * Trust information, provided by proxy
+			 *
+			 * @var bool
+			 */
+			public static $trustProxy = false;
+
+			/**
 			 * Checks if constant is defined and has positive value
 			 *
 			 * @param string $const_name
@@ -87,15 +94,16 @@
 			 */
 			public static function ipMatch($ip_list, $separator = ';')
 			{
-				if ( !isset($_SERVER['REMOTE_ADDR']) ) {
-					// PHP CLI used -> never match
+				if ( php_sapi_name() == 'cli' ) {
 					return false;
 				}
 
 				$ip_match = false;
 				$ip_addresses = $ip_list ? explode($separator, $ip_list) : Array ();
+				$client_ip = self::getClientIp();
+
 				foreach ($ip_addresses as $ip_address) {
-					if (self::netMatch($ip_address, $_SERVER['REMOTE_ADDR'])) {
+					if ( self::netMatch($ip_address, $client_ip) ) {
 						$ip_match = true;
 						break;
 					}
@@ -105,6 +113,37 @@
 			}
 
 			/**
+			 * Returns the client IP address.
+			 *
+			 * @return string The client IP address
+			 * @access public
+			 */
+			public static function getClientIp()
+			{
+				if ( self::$trustProxy ) {
+					if ( array_key_exists('HTTP_CLIENT_IP', $_SERVER) ) {
+						return $_SERVER['HTTP_CLIENT_IP'];
+					}
+
+					if ( array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER) ) {
+						$client_ip = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
+
+						foreach ($client_ip as $ip_address) {
+							$clean_ip_address = trim($ip_address);
+
+							if ( false !== filter_var($clean_ip_address, FILTER_VALIDATE_IP) ) {
+								return $clean_ip_address;
+							}
+						}
+
+						return '';
+					}
+				}
+
+				return $_SERVER['REMOTE_ADDR'];
+			}
+
+			/**
 			 * Checks, that given ip belongs to given subnet
 			 *
 			 * @param string $network
@@ -352,6 +391,11 @@
 					die('error: constant DEBUG_MODE defined directly, please use <strong>$dbg_options</strong> array instead');
 				}
 
+				if ( class_exists('kUtil') ) {
+					$vars = kUtil::getConfigVars();
+					DebuggerUtil::$trustProxy = isset($vars['TrustProxy']) ? (bool)$vars['TrustProxy'] : false;
+				}
+
 				// check IP before enabling debug mode
 				$ip_match = DebuggerUtil::ipMatch(isset($dbg_options['DBG_IP']) ? $dbg_options['DBG_IP'] : '');
 
@@ -1095,18 +1139,20 @@
 						<td width="20">Src</td><td>Name</td><td>Value</td>
 					</thead>
 				<?php
-					foreach ($_REQUEST as $key => $value) {
-					if ( !is_array($value) && trim($value) == '' ) {
-						$value = '<b class="debug_error">no value</b>';
-					}
-					else {
-						$value = htmlspecialchars($this->print_r($value, true));
-					}
+					$super_globals = Array ('GE' => $_GET, 'PO' => $_POST, 'CO' => $_COOKIE);
 
-					$in_cookie = isset($_COOKIE[$key]);
-					$src = isset($_GET[$key]) && !$in_cookie ? 'GE' : (isset($_POST[$key]) && !$in_cookie ? 'PO' : ($in_cookie ? 'CO' : '?'));
-					echo '<tr><td>' . $src . '</td><td>' . $key . '</td><td>' . $value . '</td></tr>';
-				}
+					foreach ($super_globals as $prefix => $data) {
+						foreach ($data as $key => $value) {
+							if ( !is_array($value) && trim($value) == '' ) {
+								$value = '<b class="debug_error">no value</b>';
+							}
+							else {
+								$value = htmlspecialchars($this->print_r($value, true), null, 'UTF-8');
+							}
+
+							echo '<tr><td>' . $prefix . '</td><td>' . $key . '</td><td>' . $value . '</td></tr>';
+						}
+					}
 				?>
 				</table>
 				<?php
@@ -1532,7 +1578,7 @@
 				$debugger_params = Array (
 					'RowSeparator' => $this->rowSeparator,
 					'ErrorsCount' => (int)$this->getProfilerTotal('error_handling'),
-					'IsFatalError' => $this->IsFatalError ? 'true' : 'false',
+					'IsFatalError' => $this->IsFatalError,
 					'SQLCount' => (int)$this->getProfilerTotal('sql'),
 					'SQLTime' => isset($this->ProfilerTotals['sql']) ? sprintf('%.5f', $this->ProfilerTotals['sql']) : 0,
 					'ScriptTime' => sprintf('%.5f', $this->ProfilerData['script_runtime']['ends'] - $this->ProfilerData['script_runtime']['begins']),
@@ -1546,7 +1592,7 @@
 				// otherwise it has no effect
 			?>
 					<div style="display: none" x='nothing'><script></script></div><html><body></body></html>
-					<link rel="stylesheet" rev="stylesheet" href="<?php echo $this->baseURL; ?>/debugger.css" type="text/css" media="screen" />
+					<link rel="stylesheet" rev="stylesheet" href="<?php echo $this->baseURL; ?>/debugger.css?v2" type="text/css" media="screen" />
 					<script type="text/javascript" src="<?php echo $this->baseURL; ?>/debugger.js?v4"></script>
 
 					<script type="text/javascript">