diff --git a/ChangeLog b/ChangeLog
index 1ec66fc5f..fa5f62dee 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,10 @@ phpMyAdmin - ChangeLog
 $Id$
 $HeadURL$
 
+2006-12-07 Marc Delisle  <lem9@users.sourceforge.net>
+    * libraries/ip_allow_deny.lib.php: checks that the header contains
+      only one IP address, thanks to Christian Schmidt
+
 2006-12-06 Marc Delisle  <lem9@users.sourceforge.net>
     * libraries/import.lib.php, /common.lib.php: bug #1603660, 
       incorrect escaping of ">"
diff --git a/libraries/ip_allow_deny.lib.php b/libraries/ip_allow_deny.lib.php
index 12493c2d5..0ce7a13b4 100644
--- a/libraries/ip_allow_deny.lib.php
+++ b/libraries/ip_allow_deny.lib.php
@@ -28,7 +28,8 @@ function PMA_getIp()
     /* Do we trust this IP as a proxy? If yes we will use it's header. */
     if (isset($GLOBALS['cfg']['TrustedProxies'][$direct_ip])) {
         $proxy_ip = PMA_getenv($GLOBALS['cfg']['TrustedProxies'][$direct_ip]);
-        $is_ip = preg_match('|^([0-9]{1,3}\.){3,3}[0-9]{1,3}|', $proxy_ip, $regs);
+        // the $ checks that the header contains only one IP address
+        $is_ip = preg_match('|^([0-9]{1,3}\.){3,3}[0-9]{1,3}$|', $proxy_ip, $regs);
         if ($is_ip && (count($regs) > 0)) {
             // True IP behind a proxy
             return $regs[0];