aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rwxr-xr-x[-rw-r--r--]actionpack/lib/action_controller/request.rb8
-rw-r--r--actionpack/test/controller/request_test.rb3
2 files changed, 8 insertions, 3 deletions
diff --git a/actionpack/lib/action_controller/request.rb b/actionpack/lib/action_controller/request.rb
index 364e6201cc..d793ade702 100644..100755
--- a/actionpack/lib/action_controller/request.rb
+++ b/actionpack/lib/action_controller/request.rb
@@ -197,10 +197,12 @@ module ActionController
# delimited list in the case of multiple chained proxies; the last
# address which is not trusted is the originating IP.
def remote_ip
- if TRUSTED_PROXIES !~ @env['REMOTE_ADDR']
- return @env['REMOTE_ADDR']
- end
+ remote_addr_list = @env['REMOTE_ADDR'] && @env['REMOTE_ADDR'].split(',').collect(&:strip)
+ unless remote_addr_list.blank?
+ not_trusted_addrs = remote_addr_list.reject {|addr| addr =~ TRUSTED_PROXIES}
+ return not_trusted_addrs.first unless not_trusted_addrs.empty?
+ end
remote_ips = @env['HTTP_X_FORWARDED_FOR'] && @env['HTTP_X_FORWARDED_FOR'].split(',')
if @env.include? 'HTTP_CLIENT_IP'
diff --git a/actionpack/test/controller/request_test.rb b/actionpack/test/controller/request_test.rb
index 045dab4141..e79a0ea76b 100644
--- a/actionpack/test/controller/request_test.rb
+++ b/actionpack/test/controller/request_test.rb
@@ -17,6 +17,9 @@ class RequestTest < Test::Unit::TestCase
@request.remote_addr = '1.2.3.4'
assert_equal '1.2.3.4', @request.remote_ip(true)
+ @request.remote_addr = '1.2.3.4,3.4.5.6'
+ assert_equal '1.2.3.4', @request.remote_ip(true)
+
@request.env['HTTP_CLIENT_IP'] = '2.3.4.5'
assert_equal '1.2.3.4', @request.remote_ip(true)
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-01 06:30:58 +0000