From 9ff18e4626ceb3e50b81b2966d304d02160b619e Mon Sep 17 00:00:00 2001 From: Earl J St Sauver Date: Sun, 27 Apr 2014 16:41:25 -0700 Subject: LOCALHOST definition should match any 127.0.0.0/8 address The entire 127.0.0.0/8 range is assigned to the loopback address, not only 127.0.0.0/24. This patch allows ActionDispatch::Request::LOCALHOST to match any IPv4 127.0.0.0/8 loopback address. The only place that the #local? method was previously under test was in the show_expectations_test.rb file. I don't particularly like that that's implicitly where this code is under test, and I feel like I should move some of that testing code into the test/dispatch/request_test.rb file, but I wanted some feedback first. Credit goes to @sriedel for discovering the issue and adding the patch. --- actionpack/test/controller/show_exceptions_test.rb | 2 +- actionpack/test/dispatch/request_test.rb | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) (limited to 'actionpack/test') diff --git a/actionpack/test/controller/show_exceptions_test.rb b/actionpack/test/controller/show_exceptions_test.rb index ff23b22040..f7eba1ef43 100644 --- a/actionpack/test/controller/show_exceptions_test.rb +++ b/actionpack/test/controller/show_exceptions_test.rb @@ -32,7 +32,7 @@ module ShowExceptions test 'show diagnostics from a local ip if show_detailed_exceptions? is set to request.local?' do @app = ShowExceptionsController.action(:boom) - ['127.0.0.1', '127.0.0.127', '::1', '0:0:0:0:0:0:0:1', '0:0:0:0:0:0:0:1%0'].each do |ip_address| + ['127.0.0.1', '127.0.0.127', '127.12.1.1', '::1', '0:0:0:0:0:0:0:1', '0:0:0:0:0:0:0:1%0'].each do |ip_address| self.remote_addr = ip_address get '/' assert_match(/boom/, body) diff --git a/actionpack/test/dispatch/request_test.rb b/actionpack/test/dispatch/request_test.rb index 1ef2b062dd..beae95f3fd 100644 --- a/actionpack/test/dispatch/request_test.rb +++ b/actionpack/test/dispatch/request_test.rb @@ -528,6 +528,13 @@ class RequestCGI < BaseRequestTest end end +class LocalhostTest < BaseRequestTest + test "IPs that match localhost" do + request = stub_request("REMOTE_IP" => "127.1.1.1", "REMOTE_ADDR" => "127.1.1.1") + assert_equal !!request.local?, true + end +end + class RequestCookie < BaseRequestTest test "cookie syntax resilience" do request = stub_request("HTTP_COOKIE" => "_session_id=c84ace84796670c052c6ceb2451fb0f2; is_admin=yes") -- cgit v1.2.3