kotovalexarian-likes-github/sinatra
1
0
Fork 0
mirror of https://github.com/sinatra/sinatra synced 2023-03-27 23:18:01 -04:00
Code Releases Activity

Merge pull request #1823 from ooooooo-q/fix/redos

Browse source 
fix ReDoS
This commit is contained in:
Jordan Owens 2022-10-09 15:24:31 -04:00 committed by GitHub
commit 8ff496bd48
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
rack-protection/lib/rack/protection/ip_spoofing.rb
View file

@ -16,7 +16,7 @@ module Rack
def accepts?(env)
return true unless env.include? 'HTTP_X_FORWARDED_FOR'
ips = env['HTTP_X_FORWARDED_FOR'].split(/\s*,\s*/)
ips = env['HTTP_X_FORWARDED_FOR'].split(',').map(&:strip)
return false if env.include?('HTTP_CLIENT_IP') && (!ips.include? env['HTTP_CLIENT_IP'])
return false if env.include?('HTTP_X_REAL_IP') && (!ips.include? env['HTTP_X_REAL_IP'])