From cd2136aed6350b2bc7e5c0f3f57dfd7f141f76e8 Mon Sep 17 00:00:00 2001
From: Daniel Schierbeck
Date: Tue, 27 Dec 2011 13:53:09 +0100
Subject: [PATCH] Make Request#remote_ip return nil when HTTP_X_FORWARDED_FOR is empty

If HTTP_X_FORWARDED_FOR only contains whitespace, don't try to extract a list of IP addresses from it.
---
 actionpack/lib/action_controller/request.rb | 2 +-
 actionpack/test/controller/request_test.rb | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/actionpack/lib/action_controller/request.rb b/actionpack/lib/action_controller/request.rb
index dc46253014d1f..d6a27b6c1aeb1 100755
--- a/actionpack/lib/action_controller/request.rb
+++ b/actionpack/lib/action_controller/request.rb
@@ -225,7 +225,7 @@ def remote_ip
 not_trusted_addrs = remote_addr_list.reject {|addr| addr =~ TRUSTED_PROXIES}
 return not_trusted_addrs.first unless not_trusted_addrs.empty?
 end
- remote_ips = @env['HTTP_X_FORWARDED_FOR'] && @env['HTTP_X_FORWARDED_FOR'].split(',')
+ remote_ips = @env['HTTP_X_FORWARDED_FOR'].present? && @env['HTTP_X_FORWARDED_FOR'].split(',')
 if @env.include? 'HTTP_CLIENT_IP'
 if ActionController::Base.ip_spoofing_check && remote_ips && !remote_ips.include?(@env['HTTP_CLIENT_IP'])
diff --git a/actionpack/test/controller/request_test.rb b/actionpack/test/controller/request_test.rb
index c4cc63e62850c..a56aaec7be343 100644
--- a/actionpack/test/controller/request_test.rb
+++ b/actionpack/test/controller/request_test.rb
@@ -20,6 +20,9 @@ def test_remote_ip
 'HTTP_X_FORWARDED_FOR' => '3.4.5.6'
 assert_equal '1.2.3.4', request.remote_ip
+ request = stub_request 'HTTP_X_FORWARDED_FOR' => ''
+ assert_nil request.remote_ip
+
 request = stub_request 'REMOTE_ADDR' => '127.0.0.1',
 'HTTP_X_FORWARDED_FOR' => '3.4.5.6'
 assert_equal '3.4.5.6', request.remote_ip
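Review bot: The `present?` guard on the new `remote_ips` line still lets through a header made only of separators, because `','.split(',')` returns `[]` in Ruby, so a client-supplied `X-Forwarded-For: ,` yields an empty list rather than a falsy value. The code that consumes `remote_ips` lies outside this hunk, so whether an empty array raises there is an inference, but the header is client-controlled and is better normalised in one place, e.g. `remote_ips = @env['HTTP_X_FORWARDED_FOR'].to_s.split(',').reject { |ip| ip.blank? }` followed by `remote_ips = nil if remote_ips.empty?`. A blank header now also makes `remote_ips` `false`, which skips the `ip_spoofing_check` comparison against `HTTP_CLIENT_IP` exactly as an absent header does; a comment on that line such as `# blank X-Forwarded-For is treated as absent, so the Client-IP spoofing check is skipped` would make that explicit.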
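Review bot: The case added to `test_remote_ip` covers only the empty string, while the commit message describes a header that contains only whitespace. Adding `request = stub_request 'HTTP_X_FORWARDED_FOR' => ' '` with `assert_nil request.remote_ip` would pin the behaviour the description promises. A further case that sends a blank `HTTP_X_FORWARDED_FOR` together with `HTTP_CLIENT_IP` would record what `remote_ip` returns when the `remote_ips &&` condition short-circuits. The body of `test_remote_ip` starts and ends outside this hunk.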