diff options
| author | Earl J St Sauver <estsauver@gmail.com> | 2014-04-27 16:41:25 -0700 |
|---|---|---|
| committer | Arthur Neves <arthurnn@gmail.com> | 2014-07-18 13:23:45 -0400 |
| commit | 9ff18e4626ceb3e50b81b2966d304d02160b619e (patch) | |
| tree | 25e301e00aeef7cab77d2c7738c4b5c30f1a40a5 /actionpack | |
| parent | 843b8c0b8c8cccd8d1432060dfc79a8edcc4ed2c (diff) | |
| download | rails-9ff18e4626ceb3e50b81b2966d304d02160b619e.tar.gz rails-9ff18e4626ceb3e50b81b2966d304d02160b619e.tar.bz2 rails-9ff18e4626ceb3e50b81b2966d304d02160b619e.zip | |
LOCALHOST definition should match any 127.0.0.0/8 address
The entire 127.0.0.0/8 range is assigned to the loopback address, not
only 127.0.0.0/24. This patch allows ActionDispatch::Request::LOCALHOST
to match any IPv4 127.0.0.0/8 loopback address.
The only place that the #local? method was previously under test was
in the show_expectations_test.rb file. I don't particularly like that
that's implicitly where this code is under test, and I feel like I
should move some of that testing code into the
test/dispatch/request_test.rb file, but I wanted some feedback first.
Credit goes to @sriedel for discovering the issue and adding the
patch.
Diffstat (limited to 'actionpack')
| -rw-r--r-- | actionpack/lib/action_dispatch/http/request.rb | 2 | ||||
| -rw-r--r-- | actionpack/test/controller/show_exceptions_test.rb | 2 | ||||
| -rw-r--r-- | actionpack/test/dispatch/request_test.rb | 7 |
3 files changed, 9 insertions, 2 deletions
diff --git a/actionpack/lib/action_dispatch/http/request.rb b/actionpack/lib/action_dispatch/http/request.rb index 01f117be99..a519d6c1fc 100644 --- a/actionpack/lib/action_dispatch/http/request.rb +++ b/actionpack/lib/action_dispatch/http/request.rb @@ -23,7 +23,7 @@ module ActionDispatch autoload :Session, 'action_dispatch/request/session' autoload :Utils, 'action_dispatch/request/utils' - LOCALHOST = Regexp.union [/^127\.0\.0\.\d{1,3}$/, /^::1$/, /^0:0:0:0:0:0:0:1(%.*)?$/] + LOCALHOST = Regexp.union [/^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/, /^::1$/, /^0:0:0:0:0:0:0:1(%.*)?$/] ENV_METHODS = %w[ AUTH_TYPE GATEWAY_INTERFACE PATH_TRANSLATED REMOTE_HOST diff --git a/actionpack/test/controller/show_exceptions_test.rb b/actionpack/test/controller/show_exceptions_test.rb index ff23b22040..f7eba1ef43 100644 --- a/actionpack/test/controller/show_exceptions_test.rb +++ b/actionpack/test/controller/show_exceptions_test.rb @@ -32,7 +32,7 @@ module ShowExceptions test 'show diagnostics from a local ip if show_detailed_exceptions? is set to request.local?' do @app = ShowExceptionsController.action(:boom) - ['127.0.0.1', '127.0.0.127', '::1', '0:0:0:0:0:0:0:1', '0:0:0:0:0:0:0:1%0'].each do |ip_address| + ['127.0.0.1', '127.0.0.127', '127.12.1.1', '::1', '0:0:0:0:0:0:0:1', '0:0:0:0:0:0:0:1%0'].each do |ip_address| self.remote_addr = ip_address get '/' assert_match(/boom/, body) diff --git a/actionpack/test/dispatch/request_test.rb b/actionpack/test/dispatch/request_test.rb index 1ef2b062dd..beae95f3fd 100644 --- a/actionpack/test/dispatch/request_test.rb +++ b/actionpack/test/dispatch/request_test.rb @@ -528,6 +528,13 @@ class RequestCGI < BaseRequestTest end end +class LocalhostTest < BaseRequestTest + test "IPs that match localhost" do + request = stub_request("REMOTE_IP" => "127.1.1.1", "REMOTE_ADDR" => "127.1.1.1") + assert_equal !!request.local?, true + end +end + class RequestCookie < BaseRequestTest test "cookie syntax resilience" do request = stub_request("HTTP_COOKIE" => "_session_id=c84ace84796670c052c6ceb2451fb0f2; is_admin=yes") |