kotovalexarian-likes-github/sinatra
1
0
Fork 0
mirror of https://github.com/sinatra/sinatra synced 2023-03-27 23:18:01 -04:00
Code Releases Activity

fix ReDoS

Browse source
This commit is contained in:
ooooooo_q 2022-10-08 11:23:45 +09:00
parent ceb49f043c
commit 441c06a7eb
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
rack-protection/lib/rack/protection/ip_spoofing.rb
View file

@ -16,7 +16,7 @@ module Rack
def accepts?(env) def accepts?(env)
return true unless env.include? 'HTTP_X_FORWARDED_FOR' return true unless env.include? 'HTTP_X_FORWARDED_FOR'
ips = env['HTTP_X_FORWARDED_FOR'].split(/\s*,\s*/) ips = env['HTTP_X_FORWARDED_FOR'].split(',').map(&:strip)
return false if env.include?('HTTP_CLIENT_IP') && (!ips.include? env['HTTP_CLIENT_IP']) return false if env.include?('HTTP_CLIENT_IP') && (!ips.include? env['HTTP_CLIENT_IP'])
return false if env.include?('HTTP_X_REAL_IP') && (!ips.include? env['HTTP_X_REAL_IP']) return false if env.include?('HTTP_X_REAL_IP') && (!ips.include? env['HTTP_X_REAL_IP'])