kotovalexarian-likes-github/rails--rails
1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Code Releases Activity

LOCALHOST definition should match any 127.0.0.0/8 address

Browse source 
The entire 127.0.0.0/8 range is assigned to the loopback address, not
only 127.0.0.0/24. This patch allows ActionDispatch::Request::LOCALHOST
to match any IPv4 127.0.0.0/8 loopback address.

The only place that the #local? method was previously under test was
in the show_expectations_test.rb file. I don't particularly like that
that's implicitly where this code is under test, and I feel like I
should move some of that testing code into the
test/dispatch/request_test.rb file, but I wanted some feedback first.

Credit goes to @sriedel for discovering the issue and adding the
patch.
This commit is contained in:
Earl J St Sauver 2014-04-27 16:41:25 -07:00 committed by Arthur Neves
parent 843b8c0b8c
commit 9ff18e4626
No known key found for this signature in database
GPG key ID: 04A390FB1E433E17
3 changed files with 9 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
actionpack/lib/action_dispatch/http/request.rb
View file

@ -23,7 +23,7 @@ module ActionDispatch
autoload :Session, 'action_dispatch/request/session'
autoload :Utils, 'action_dispatch/request/utils'
LOCALHOST = Regexp.union [/^127\.0\.0\.\d{1,3}$/, /^::1$/, /^0:0:0:0:0:0:0:1(%.*)?$/]
LOCALHOST = Regexp.union [/^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/, /^::1$/, /^0:0:0:0:0:0:0:1(%.*)?$/]
ENV_METHODS = %w[ AUTH_TYPE GATEWAY_INTERFACE
PATH_TRANSLATED REMOTE_HOST

2
actionpack/test/controller/show_exceptions_test.rb
View file

@ -32,7 +32,7 @@ module ShowExceptions
test 'show diagnostics from a local ip if show_detailed_exceptions? is set to request.local?' do
@app = ShowExceptionsController.action(:boom)
['127.0.0.1', '127.0.0.127', '::1', '0:0:0:0:0:0:0:1', '0:0:0:0:0:0:0:1%0'].each do |ip_address|
['127.0.0.1', '127.0.0.127', '127.12.1.1', '::1', '0:0:0:0:0:0:0:1', '0:0:0:0:0:0:0:1%0'].each do |ip_address|
self.remote_addr = ip_address
get '/'
assert_match(/boom/, body)

7
actionpack/test/dispatch/request_test.rb
View file

@ -528,6 +528,13 @@ class RequestCGI < BaseRequestTest
end
end
class LocalhostTest < BaseRequestTest
test "IPs that match localhost" do
request = stub_request("REMOTE_IP" => "127.1.1.1", "REMOTE_ADDR" => "127.1.1.1")
assert_equal !!request.local?, true
end
end
class RequestCookie < BaseRequestTest
test "cookie syntax resilience" do
request = stub_request("HTTP_COOKIE" => "_session_id=c84ace84796670c052c6ceb2451fb0f2; is_admin=yes")