author | Pratik Naik <pratiknaik@gmail.com> | 2008-12-07 03:05:03 +0100 |
---|---|---|
committer | Pratik Naik <pratiknaik@gmail.com> | 2008-12-07 03:05:03 +0100 |
commit | 8f1c229571b4db8dda144bf6eaa193799309e817 (patch) | |
tree | 592710207a614428d5cb809f6e13c8b546b58969 /actionpack/lib/action_controller/request.rb | |
parent | 601e40e744f44fe8819be100a8c472ea161d13ab (diff) | |
parent | 9eca588bdfbb41f6b48477025d1cd8eea4a38296 (diff) | |
Merge commit 'mainstream/master'
Conflicts:
actionmailer/lib/action_mailer/base.rb
actionpack/lib/action_controller/base.rb
actionpack/lib/action_controller/mime_type.rb
railties/doc/guides/html/activerecord_validations_callbacks.html
railties/doc/guides/html/caching_with_rails.html
railties/doc/guides/html/command_line.html
railties/doc/guides/html/configuring.html
railties/doc/guides/html/creating_plugins.html
railties/doc/guides/html/finders.html
railties/doc/guides/html/routing_outside_in.html
railties/doc/guides/source/activerecord_validations_callbacks.txt
railties/doc/guides/source/caching_with_rails.txt
railties/doc/guides/source/command_line.txt
railties/doc/guides/source/creating_plugins/acts_as_yaffle.txt
railties/doc/guides/source/creating_plugins/controllers.txt
railties/doc/guides/source/creating_plugins/core_ext.txt
railties/doc/guides/source/creating_plugins/helpers.txt
railties/doc/guides/source/creating_plugins/index.txt
railties/doc/guides/source/creating_plugins/migration_generator.txt
railties/doc/guides/source/creating_plugins/models.txt
railties/doc/guides/source/creating_plugins/odds_and_ends.txt
railties/doc/guides/source/creating_plugins/routes.txt
railties/doc/guides/source/finders.txt
railties/doc/guides/source/routing_outside_in.txt
railties/doc/guides/source/testing_rails_applications.txt
Diffstat (limited to 'actionpack/lib/action_controller/request.rb')
-rwxr-xr-x | actionpack/lib/action_controller/request.rb | 12 |
1 files changed, 5 insertions, 7 deletions
diff --git a/actionpack/lib/action_controller/request.rb b/actionpack/lib/action_controller/request.rb
index c079895683..087fffe87d 100755
--- a/actionpack/lib/action_controller/request.rb
+++ b/actionpack/lib/action_controller/request.rb
@@ -209,7 +209,7 @@ module ActionController
 # delimited list in the case of multiple chained proxies; the last
 # address which is not trusted is the originating IP.
 def remote_ip
- remote_addr_list = @env['REMOTE_ADDR'] && @env['REMOTE_ADDR'].split(',').collect(&:strip)
+ remote_addr_list = @env['REMOTE_ADDR'] && @env['REMOTE_ADDR'].scan(/[^,\s]+/)
 unless remote_addr_list.blank?
 not_trusted_addrs = remote_addr_list.reject {|addr| addr =~ TRUSTED_PROXIES}
@@ -218,7 +218,7 @@ module ActionController
 remote_ips = @env['HTTP_X_FORWARDED_FOR'] && @env['HTTP_X_FORWARDED_FOR'].split(',')
 if @env.include? 'HTTP_CLIENT_IP'
- if remote_ips && !remote_ips.include?(@env['HTTP_CLIENT_IP'])
+ if ActionController::Base.ip_spoofing_check && remote_ips && !remote_ips.include?(@env['HTTP_CLIENT_IP'])
 # We don't know which came from the proxy, and which from the user
 raise ActionControllerError.new(<<EOM)
 IP spoofing attack?!
@@ -369,11 +369,9 @@ EOM
 # Returns the interpreted \path to requested resource after all the installation
 # directory of this application was taken into account.
 def path
- path = (uri = request_uri) ? uri.split('?').first.to_s : ''
-
- # Cut off the path to the installation directory if given
- path.sub!(%r/^#{ActionController::Base.relative_url_root}/, '')
- path || ''
+ path = request_uri.to_s[/\A[^\?]*/]
+ path.sub!(/\A#{ActionController::Base.relative_url_root}/, '')
+ path
 end
 memoize :path |
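Review bot: X-Forwarded-For is still tokenised with `split(',')` in the second hunk, while this first hunk moves REMOTE_ADDR to `scan(/[^,\s]+/)`. Entries that follow a comma and a space keep their leading blank, so `remote_ips.include?(@env['HTTP_CLIENT_IP'])` can miss a matching address and raise the spoofing error for an honest proxy chain. Using the same tokeniser there would fix it: `remote_ips = @env['HTTP_X_FORWARDED_FOR'] && @env['HTTP_X_FORWARDED_FOR'].scan(/[^,\s]+/)`. remote_ip's body continues outside both hunks, so later uses of `remote_ips` could not be checked from here.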
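Review bot: The new `ActionController::Base.ip_spoofing_check` guard in the second hunk has no comment saying what remote_ip yields once the check is switched off. With the flag false, a Client-IP header that disagrees with X-Forwarded-For no longer raises and is presumably accepted by the code after the heredoc, which lies outside this hunk. Both headers are requester-supplied unless a trusted proxy overwrites them, so the result should not feed access control, rate limiting or audit attribution in that configuration. Suggested comment above the condition: `# ip_spoofing_check=false skips this consistency check; remote_ip may then be a client-supplied value.` The flag's definition and default are not in this file section.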
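Review bot: In the third hunk, `relative_url_root` is interpolated into the pattern unescaped and without a segment boundary in `path.sub!(/\A#{ActionController::Base.relative_url_root}/, '')`. A root containing regex metacharacters (for instance `.`) therefore matches more than the literal prefix, and a root of `/app` also strips the start of `/application`. Since the interpreted path presumably drives routing, the strip should match the exact prefix only: `path.sub!(/\A#{Regexp.escape(ActionController::Base.relative_url_root.to_s)}(?=\/|\z)/, '')`. The move from `^` to `\A` is the right anchor and should stay.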