From e42a235dd18a39ccc83382365088de96f24fa236 Mon Sep 17 00:00:00 2001 From: "Michael S. Klishin" Date: Tue, 1 Jul 2008 11:52:20 +0300 Subject: Request#remote_ip handles the uncommon case that REMOTE_ADDR is a comma-separated list. [#523 state:resolved] Signed-off-by: Jeremy Kemper --- actionpack/lib/action_controller/request.rb | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) mode change 100644 => 100755 actionpack/lib/action_controller/request.rb (limited to 'actionpack/lib/action_controller') diff --git a/actionpack/lib/action_controller/request.rb b/actionpack/lib/action_controller/request.rb old mode 100644 new mode 100755 index 364e6201cc..d793ade702 --- a/actionpack/lib/action_controller/request.rb +++ b/actionpack/lib/action_controller/request.rb @@ -197,10 +197,12 @@ module ActionController # delimited list in the case of multiple chained proxies; the last # address which is not trusted is the originating IP. def remote_ip - if TRUSTED_PROXIES !~ @env['REMOTE_ADDR'] - return @env['REMOTE_ADDR'] - end + remote_addr_list = @env['REMOTE_ADDR'] && @env['REMOTE_ADDR'].split(',').collect(&:strip) + unless remote_addr_list.blank? + not_trusted_addrs = remote_addr_list.reject {|addr| addr =~ TRUSTED_PROXIES} + return not_trusted_addrs.first unless not_trusted_addrs.empty? + end remote_ips = @env['HTTP_X_FORWARDED_FOR'] && @env['HTTP_X_FORWARDED_FOR'].split(',') if @env.include? 'HTTP_CLIENT_IP' -- cgit v1.2.3