diff options
| author | Caleb Spare <cespare@gmail.com> | 2013-10-25 14:16:42 -0700 |
|---|---|---|
| committer | Caleb Spare <cespare@gmail.com> | 2013-10-26 12:28:44 -0700 |
| commit | cd78d725263b24ba33c1a5ec7b82f9576419f5d1 (patch) | |
| tree | 87f9c2c3260bca24822f34a302d40d7e25e3b6a3 | |
| parent | 52199d1fd41ffc439357c16a7873fb04444175cd (diff) | |
| download | rails-cd78d725263b24ba33c1a5ec7b82f9576419f5d1.tar.gz rails-cd78d725263b24ba33c1a5ec7b82f9576419f5d1.tar.bz2 rails-cd78d725263b24ba33c1a5ec7b82f9576419f5d1.zip | |
Make remote_ip detection properly handle private IPv6 addresses
Fixes #12638.
| -rw-r--r-- | actionpack/CHANGELOG.md | 8 | ||||
| -rw-r--r-- | actionpack/lib/action_dispatch/middleware/remote_ip.rb | 2 | ||||
| -rw-r--r-- | actionpack/test/dispatch/request_test.rb | 5 |
3 files changed, 13 insertions, 2 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md index a47ddb1f21..16de0bbc1f 100644 --- a/actionpack/CHANGELOG.md +++ b/actionpack/CHANGELOG.md @@ -1,3 +1,11 @@ +* Properly treat the entire IPv6 User Local Address space as private for + purposes of remote IP detection. Also handle uppercase private IPv6 + addresses. + + Fixes #12638. + + *Caleb Spare* + * Add `params` option to `button_to` form helper, which renders the given hash as hidden form fields. diff --git a/actionpack/lib/action_dispatch/middleware/remote_ip.rb b/actionpack/lib/action_dispatch/middleware/remote_ip.rb index 57bc6d5cd0..f676e4c598 100644 --- a/actionpack/lib/action_dispatch/middleware/remote_ip.rb +++ b/actionpack/lib/action_dispatch/middleware/remote_ip.rb @@ -31,7 +31,7 @@ module ActionDispatch TRUSTED_PROXIES = %r{ ^127\.0\.0\.1$ | # localhost IPv4 ^::1$ | # localhost IPv6 - ^fc00: | # private IPv6 range fc00 + ^[fF][cCdD] | # private IPv6 range fc00::/7 ^10\. | # private IPv4 range 10.x.x.x ^172\.(1[6-9]|2[0-9]|3[0-1])\.| # private IPv4 range 172.16.0.0 .. 172.31.255.255 ^192\.168\. # private IPv4 range 192.168.x.x diff --git a/actionpack/test/dispatch/request_test.rb b/actionpack/test/dispatch/request_test.rb index f6de9748ca..44e7f04bc3 100644 --- a/actionpack/test/dispatch/request_test.rb +++ b/actionpack/test/dispatch/request_test.rb @@ -120,9 +120,12 @@ class RequestTest < ActiveSupport::TestCase request = stub_request 'HTTP_X_FORWARDED_FOR' => 'unknown,::1' assert_equal nil, request.remote_ip - request = stub_request 'HTTP_X_FORWARDED_FOR' => '2001:0db8:85a3:0000:0000:8a2e:0370:7334, fe80:0000:0000:0000:0202:b3ff:fe1e:8329, ::1, fc00::' + request = stub_request 'HTTP_X_FORWARDED_FOR' => '2001:0db8:85a3:0000:0000:8a2e:0370:7334, fe80:0000:0000:0000:0202:b3ff:fe1e:8329, ::1, fc00::, fc01::, fdff' assert_equal 'fe80:0000:0000:0000:0202:b3ff:fe1e:8329', request.remote_ip + request = stub_request 'HTTP_X_FORWARDED_FOR' => 'FE00::, FDFF::' + assert_equal 'FE00::', request.remote_ip + request = stub_request 'HTTP_X_FORWARDED_FOR' => 'not_ip_address' assert_equal nil, request.remote_ip end |