authorRafael Mendonça França <rafaelmfranca@gmail.com>2014-05-01 14:43:14 -0300
committerRafael Mendonça França <rafaelmfranca@gmail.com>2014-05-01 14:43:14 -0300
commitb638c1a0b387d49cd3ec0c753dae21387481c290 (patch)
treeb4c1aa60e0822e0eae72b1d7252050b5ec61f40e /actionpack
parentc42aeace12a0e6e9b4e3bea3770f906884cc5b21 (diff)
parentcd78d725263b24ba33c1a5ec7b82f9576419f5d1 (diff)
Merge pull request #12651 from cespare/ipv6-remote-ip-fixes
Make remote_ip detection properly handle private IPv6 addresses Conflicts: actionpack/CHANGELOG.md
Diffstat (limited to 'actionpack')
-rw-r--r--actionpack/CHANGELOG.md8
-rw-r--r--actionpack/lib/action_dispatch/middleware/remote_ip.rb2
-rw-r--r--actionpack/test/dispatch/request_test.rb5
3 files changed, 13 insertions, 2 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md
index 15833641bb..fd3f9eb72d 100644
--- a/actionpack/CHANGELOG.md
+++ b/actionpack/CHANGELOG.md
@@ -1,3 +1,11 @@
+* Properly treat the entire IPv6 User Local Address space as private for
+ purposes of remote IP detection. Also handle uppercase private IPv6
+ addresses.
+
+ Fixes #12638.
+
+ *Caleb Spare*
+
* Fixed an issue with migrating legacy json cookies.
Previously, the `VerifyAndUpgradeLegacySignedMessage` assumes all incoming
diff --git a/actionpack/lib/action_dispatch/middleware/remote_ip.rb b/actionpack/lib/action_dispatch/middleware/remote_ip.rb
index c1df518b14..cbb066b092 100644
--- a/actionpack/lib/action_dispatch/middleware/remote_ip.rb
+++ b/actionpack/lib/action_dispatch/middleware/remote_ip.rb
@@ -31,7 +31,7 @@ module ActionDispatch
TRUSTED_PROXIES = %r{
^127\.0\.0\.1$ | # localhost IPv4
^::1$ | # localhost IPv6
- ^fc00: | # private IPv6 range fc00
+ ^[fF][cCdD] | # private IPv6 range fc00::/7
^10\. | # private IPv4 range 10.x.x.x
^172\.(1[6-9]|2[0-9]|3[0-1])\.| # private IPv4 range 172.16.0.0 .. 172.31.255.255
^192\.168\. # private IPv4 range 192.168.x.x
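Review bot: The new alternative `^[fF][cCdD]` in TRUSTED_PROXIES checks only the first two characters, so it also matches addresses whose first group is shorter than four hex digits, such as `fc::1` (that is 00fc::, outside fc00::/7), and any non-address token that begins with fc or fd. Judging by the tests in this commit, a match marks a forwarded address as a trusted proxy and drops it from remote_ip selection, so the over-match widens the set of client-supplied X-Forwarded-For entries that get skipped. Requiring the full first group, `^[fF][cCdD][0-9a-fA-F]{2}: | # private IPv6 range fc00::/7`, keeps the match inside the range; comparing parsed addresses against the range with IPAddr would avoid textual prefix matching altogether. The regexp literal opens above and closes below this hunk, so its flags are not visible here.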
diff --git a/actionpack/test/dispatch/request_test.rb b/actionpack/test/dispatch/request_test.rb
index 6e21b4a258..b48e8ab974 100644
--- a/actionpack/test/dispatch/request_test.rb
+++ b/actionpack/test/dispatch/request_test.rb
@@ -152,9 +152,12 @@ class RequestIP < BaseRequestTest
request = stub_request 'HTTP_X_FORWARDED_FOR' => 'unknown,::1'
assert_equal nil, request.remote_ip
- request = stub_request 'HTTP_X_FORWARDED_FOR' => '2001:0db8:85a3:0000:0000:8a2e:0370:7334, fe80:0000:0000:0000:0202:b3ff:fe1e:8329, ::1, fc00::'
+ request = stub_request 'HTTP_X_FORWARDED_FOR' => '2001:0db8:85a3:0000:0000:8a2e:0370:7334, fe80:0000:0000:0000:0202:b3ff:fe1e:8329, ::1, fc00::, fc01::, fdff'
assert_equal 'fe80:0000:0000:0000:0202:b3ff:fe1e:8329', request.remote_ip
+ request = stub_request 'HTTP_X_FORWARDED_FOR' => 'FE00::, FDFF::'
+ assert_equal 'FE00::', request.remote_ip
+
request = stub_request 'HTTP_X_FORWARDED_FOR' => 'not_ip_address'
assert_equal nil, request.remote_ip
end
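Review bot: The added `fdff` entry in the first X-Forwarded-For list has no colons, so it is not an IPv6 address and presumably never exercises the private-range match; writing it as `fdff::` would test the lowercase upper end of fc00::/7. The only negative case is `FE00::`, which pins the boundary above the range but not the prefix length. A case with a short first group would cover that, for example `request = stub_request 'HTTP_X_FORWARDED_FOR' => 'fc::1'` followed by `assert_equal 'fc::1', request.remote_ip`. The test method begins above this hunk.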