From 4fabc9b2f376c47d4381572167956063b3c8c418 Mon Sep 17 00:00:00 2001 From: Jeremy Kemper Date: Sun, 30 Nov 2008 17:06:11 -0800 Subject: Simplify REMOTE_ADDR parsing --- actionpack/lib/action_controller/request.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'actionpack/lib/action_controller/request.rb') diff --git a/actionpack/lib/action_controller/request.rb b/actionpack/lib/action_controller/request.rb index c079895683..78a57acf6f 100755 --- a/actionpack/lib/action_controller/request.rb +++ b/actionpack/lib/action_controller/request.rb @@ -209,7 +209,7 @@ module ActionController # delimited list in the case of multiple chained proxies; the last # address which is not trusted is the originating IP. def remote_ip - remote_addr_list = @env['REMOTE_ADDR'] && @env['REMOTE_ADDR'].split(',').collect(&:strip) + remote_addr_list = @env['REMOTE_ADDR'] && @env['REMOTE_ADDR'].scan(/[^,\s]+/) unless remote_addr_list.blank? not_trusted_addrs = remote_addr_list.reject {|addr| addr =~ TRUSTED_PROXIES} -- cgit v1.2.3 From eb5e6fe713756b36ee6df9b04f28cfb8bae60dbc Mon Sep 17 00:00:00 2001 From: Jeremy Kemper Date: Sun, 30 Nov 2008 17:24:36 -0800 Subject: Simplify Request#path --- actionpack/lib/action_controller/request.rb | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) (limited to 'actionpack/lib/action_controller/request.rb') diff --git a/actionpack/lib/action_controller/request.rb b/actionpack/lib/action_controller/request.rb index 78a57acf6f..baa955cb04 100755 --- a/actionpack/lib/action_controller/request.rb +++ b/actionpack/lib/action_controller/request.rb @@ -369,11 +369,9 @@ EOM # Returns the interpreted \path to requested resource after all the installation # directory of this application was taken into account. def path - path = (uri = request_uri) ? uri.split('?').first.to_s : '' - - # Cut off the path to the installation directory if given - path.sub!(%r/^#{ActionController::Base.relative_url_root}/, '') - path || '' + path = request_uri.to_s[/\A[^\?]*/] + path.sub!(/\A#{ActionController::Base.relative_url_root}/, '') + path end memoize :path -- cgit v1.2.3 From 0a4a5f3129a137fc357e8444a08b135f0ad4fbe8 Mon Sep 17 00:00:00 2001 From: Darren Boyd Date: Sat, 22 Nov 2008 10:04:30 -0800 Subject: Making the IP Spoofing check in AbstractRequest#remote_ip configurable. Certain groups of web proxies do not set these values properly. Notably, proxies for cell phones, which often do not set the remote IP information correctly (not surprisingly, since the clients do not have an IP address). Allowing this to be configurable makes it possible for developers to choose to ignore this simple spoofing check, when a significant amount of their traffic would result in false positives anyway. Signed-off-by: Michael Koziarski [#1200 state:committed] --- actionpack/lib/action_controller/request.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'actionpack/lib/action_controller/request.rb') diff --git a/actionpack/lib/action_controller/request.rb b/actionpack/lib/action_controller/request.rb index baa955cb04..087fffe87d 100755 --- a/actionpack/lib/action_controller/request.rb +++ b/actionpack/lib/action_controller/request.rb @@ -218,7 +218,7 @@ module ActionController remote_ips = @env['HTTP_X_FORWARDED_FOR'] && @env['HTTP_X_FORWARDED_FOR'].split(',') if @env.include? 'HTTP_CLIENT_IP' - if remote_ips && !remote_ips.include?(@env['HTTP_CLIENT_IP']) + if ActionController::Base.ip_spoofing_check && remote_ips && !remote_ips.include?(@env['HTTP_CLIENT_IP']) # We don't know which came from the proxy, and which from the user raise ActionControllerError.new(<