Fix ip spoof errors #12410

Merged
merged 1 commit into from Oct 1, 2013

Conversation

Projects
None yet
3 participants
Contributor

tamird commented Sep 30, 2013

@pixeltrix @strzalek backported as requested.

Member

lukaszx0 commented Sep 30, 2013

It's a backport of #10844

Owner

pixeltrix commented Oct 1, 2013

A couple of things:

  1. Does the test fail if the code change isn't there?
  2. Once Travis is green can you add a CHANGELOG entry like the one I added.

Thanks

Contributor

tamird commented Oct 1, 2013

@pixeltrix:

  1. yep, ran it locally before applying the code change
  2. done

@pixeltrix pixeltrix and 1 other commented on an outdated diff Oct 1, 2013

actionpack/CHANGELOG.md
@@ -1,5 +1,15 @@
## unreleased ##
+* Fix `ActionDispatch::RemoteIp::GetIp#calculate_ip` to only check for spoofing
+ attacks if both `HTTP_CLIENT_IP` and `HTTP_X_FORWARDED_FOR` are set.
+
+ Fixes #12410
+ Backports #10844
+
+ *Tamir Duberstein*
+
+* Strong parameters should permit nested number as key.
@pixeltrix

pixeltrix Oct 1, 2013

Owner

@tamird I don't think this line is meant to be here is it?

@tamird

tamird Oct 1, 2013

Contributor

apologies, fixed

pixeltrix merged commit 83c4b0a into rails:3-2-stable Oct 1, 2013

Owner

pixeltrix commented Oct 1, 2013

@tamird thanks!

tamird deleted the unknown repository branch Oct 1, 2013

Contributor

tamird commented Oct 1, 2013

@pixeltrix thank you!

Member

lukaszx0 commented Oct 1, 2013

👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment