Browse files

Request#remote_ip handles the uncommon case that REMOTE_ADDR is a com…

…ma-separated list.

[#523 state:resolved]

Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
  • Loading branch information...
1 parent b23b191 commit e21ed3e45429cf4a7ee4f5b6b550f457f0c4c313 @michaelklishin michaelklishin committed with jeremy Jul 1, 2008
Showing with 8 additions and 3 deletions.
  1. +5 −3 actionpack/lib/action_controller/request.rb
  2. +3 −0 actionpack/test/controller/request_test.rb
View
8 actionpack/lib/action_controller/request.rb
@@ -135,10 +135,12 @@ def xml_http_request?
# delimited list in the case of multiple chained proxies; the last
# address which is not trusted is the originating IP.
def remote_ip
- if TRUSTED_PROXIES !~ @env['REMOTE_ADDR']
- return @env['REMOTE_ADDR']
- end
+ remote_addr_list = @env['REMOTE_ADDR'] && @env['REMOTE_ADDR'].split(',').collect(&:strip)
+ unless remote_addr_list.blank?
+ not_trusted_addrs = remote_addr_list.reject {|addr| addr =~ TRUSTED_PROXIES}
+ return not_trusted_addrs.first unless not_trusted_addrs.empty?
+ end
remote_ips = @env['HTTP_X_FORWARDED_FOR'] && @env['HTTP_X_FORWARDED_FOR'].split(',')
if @env.include? 'HTTP_CLIENT_IP'
View
3 actionpack/test/controller/request_test.rb
@@ -12,6 +12,9 @@ def test_remote_ip
@request.remote_addr = '1.2.3.4'
assert_equal '1.2.3.4', @request.remote_ip
+ @request.remote_addr = '1.2.3.4,3.4.5.6'
+ assert_equal '1.2.3.4', @request.remote_ip(true)
+
@request.env['HTTP_CLIENT_IP'] = '2.3.4.5'
assert_equal '1.2.3.4', @request.remote_ip

0 comments on commit e21ed3e

Please sign in to comment.