request.remote_ip understands X-Forwarded-For addresses with nonstandard whitespace. Closes #7386.

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6877 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

3 files changed, 6 insertions, 1 deletions

diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG
index dd354d886c..f655ecbede 100644
--- a/actionpack/CHANGELOG
+++ b/actionpack/CHANGELOG
@@ -1,5 +1,7 @@
 *SVN*
 
+* request.remote_ip understands X-Forwarded-For addresses with nonstandard whitespace.  #7386 [moses]
+
 * Don't prepare response when rendering a component.  #8493 [jsierles]
 
 * Reduce file stat calls when checking for template changes.  #7736 [alex]
diff --git a/actionpack/lib/action_controller/request.rb b/actionpack/lib/action_controller/request.rb
index caab289acd..2f0e86d2a2 100755
--- a/actionpack/lib/action_controller/request.rb
+++ b/actionpack/lib/action_controller/request.rb
@@ -112,7 +112,7 @@ module ActionController
 
       if @env.include? 'HTTP_X_FORWARDED_FOR' then
         remote_ips = @env['HTTP_X_FORWARDED_FOR'].split(',').reject do |ip|
-            ip =~ /^unknown$|^(10|172\.(1[6-9]|2[0-9]|30|31)|192\.168)\./i
+          ip.strip =~ /^unknown$|^(10|172\.(1[6-9]|2[0-9]|30|31)|192\.168)\./i
         end
 
         return remote_ips.first.strip unless remote_ips.empty?
diff --git a/actionpack/test/controller/request_test.rb b/actionpack/test/controller/request_test.rb
index 1e6f6db8d8..e14036fd2f 100644
--- a/actionpack/test/controller/request_test.rb
+++ b/actionpack/test/controller/request_test.rb
@@ -29,6 +29,9 @@ class RequestTest < Test::Unit::TestCase
 
     @request.env['HTTP_X_FORWARDED_FOR'] = '10.0.0.1,3.4.5.6'
     assert_equal '3.4.5.6', @request.remote_ip
+    
+    @request.env['HTTP_X_FORWARDED_FOR'] = '10.0.0.1, 10.0.0.1, 3.4.5.6'
+    assert_equal '3.4.5.6', @request.remote_ip
 
     @request.env['HTTP_X_FORWARDED_FOR'] = '127.0.0.1,3.4.5.6'
     assert_equal '127.0.0.1', @request.remote_ip