authorJeremy Kemper <jeremy@bitsweat.net>2007-10-02 05:32:14 +0000
committerJeremy Kemper <jeremy@bitsweat.net>2007-10-02 05:32:14 +0000
commit0ee1cb2cd32bfaf47deaf5440dd5b9cf0915ab6a (patch)
tree5778378eafcbdfa37c82c67be1566c76aca249be /actionpack/lib/action_controller/request.rb
parent9264bdc8f618344307f07790a07a60dc04b80434 (diff)
Ruby 1.9 compat, consistent load paths
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7719 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Diffstat (limited to 'actionpack/lib/action_controller/request.rb')
-rwxr-xr-xactionpack/lib/action_controller/request.rb23
1 files changed, 13 insertions, 10 deletions
diff --git a/actionpack/lib/action_controller/request.rb b/actionpack/lib/action_controller/request.rb
index 602b7602b6..17f22864bd 100755
--- a/actionpack/lib/action_controller/request.rb
+++ b/actionpack/lib/action_controller/request.rb
@@ -109,7 +109,7 @@ module ActionController
# "XMLHttpRequest". (The Prototype Javascript library sends this header with
# every Ajax request.)
def xml_http_request?
- not /XMLHttpRequest/i.match(@env['HTTP_X_REQUESTED_WITH']).nil?
+ !(@env['HTTP_X_REQUESTED_WITH'] !~ /XMLHttpRequest/i)
end
alias xhr? :xml_http_request?
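Review bot: The new body of xml_http_request? is a double negation (`!` around `!~`), which is harder to read than the line it replaces. A positive match coerced to a boolean says the same thing and still returns false when the header is missing: `!!(@env['HTTP_X_REQUESTED_WITH'] =~ /XMLHttpRequest/i)`. The pattern is unanchored and the header is supplied by the client, so it may be worth adding a comment along the lines of `# Client-controlled header: a convenience check, not something to base authorization on.`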
@@ -120,13 +120,10 @@ module ActionController
# delimited list in the case of multiple chained proxies; the first is
# the originating IP.
#
- # Security note: Be aware that since remote_ip will check regular HTTP headers,
- # it can be tricked by anyone setting those manually. In other words, people can
- # pose as whatever IP address they like to this method. That doesn't matter if
- # all your doing is using IP addresses for statistical or geographical information,
- # but if you want to, for example, limit access to an administrative area by IP,
- # you should instead use Request#remote_addr, which can't be spoofed (but also won't
- # survive proxy forwards).
+ # Security note: do not use if IP spoofing is a concern for your
+ # application. Since remote_ip checks HTTP headers for addresses forwarded
+ # by proxies, the client may send any IP. remote_addr can't be spoofed but
+ # also doesn't work behind a proxy, since it's always the proxy's IP.
def remote_ip
return @env['HTTP_CLIENT_IP'] if @env.include? 'HTTP_CLIENT_IP'
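Review bot: The shortened security note on remote_ip no longer tells the reader what to do for access control, which the removed text did with its administrative-area example. The first visible line of the method returns `HTTP_CLIENT_IP` as sent, without checking that the request came through a known proxy, so the comment should keep the actionable part, for example `# For IP-based access control or rate limiting, use remote_addr instead.` The statement that remote_addr is "always the proxy's IP" holds only when a proxy is in front, and the wording could say so. The rest of remote_ip lies outside the hunk, so how the other forwarded headers are handled cannot be judged from here.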
@@ -222,7 +219,13 @@ module ActionController
unless (env_qs = @env['QUERY_STRING']).nil? || env_qs.empty?
uri << '?' << env_qs
end
- @env['REQUEST_URI'] = uri
+
+ if uri.nil?
+ @env.delete('REQUEST_URI')
+ uri
+ else
+ @env['REQUEST_URI'] = uri
+ end
end
end
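Review bot: The added `uri.nil?` guard runs after the context line `uri << '?' << env_qs`, so a nil uri with a non-empty QUERY_STRING would raise NoMethodError before the guard is reached. If nil is a possible value here, the append needs the same protection, e.g. `unless uri.nil? || (env_qs = @env['QUERY_STRING']).nil? || env_qs.empty?`. The bare `uri` in the nil branch would read more clearly as an explicit `nil`. The assignment of uri is above the hunk, so whether nil can really reach the append is inferred, not visible.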
@@ -682,4 +685,4 @@ module ActionController
raise TypeError, "Conflicting types for parameter containers. Expected an instance of #{klass} but found an instance of #{value.class}. This can be caused by colliding Array and Hash parameters like qs[]=value&qs[key]=value."
end
end
-end \ No newline at end of file
+end