Merge branch 'issues/1343-ip-spoofing-error' into rails-3-develop

2 files changed, 16 insertions, 1 deletions

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index ba086cfa3..78a82316a 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -432,7 +432,11 @@ class ApplicationController < ActionController::Base
     def country_from_ip
         country = ""
         if !AlaveteliConfiguration::gaze_url.empty?
-            country = quietly_try_to_open("#{AlaveteliConfiguration::gaze_url}/gaze-rest?f=get_country_from_ip;ip=#{request.remote_ip}")
+            begin
+                country = quietly_try_to_open("#{AlaveteliConfiguration::gaze_url}/gaze-rest?f=get_country_from_ip;ip=#{request.remote_ip}")
+            rescue ActionDispatch::RemoteIp::IpSpoofAttackError
+                country = AlaveteliConfiguration::iso_country_code
+            end
         end
         country = AlaveteliConfiguration::iso_country_code if country.empty?
         return country
diff --git a/spec/integration/ip_spoofing_spec.rb b/spec/integration/ip_spoofing_spec.rb
new file mode 100644
index 000000000..073f71ad6
--- /dev/null
+++ b/spec/integration/ip_spoofing_spec.rb
@@ -0,0 +1,11 @@
+require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+
+describe 'when getting a country message' do
+
+    it 'should not raise an IP spoofing error when given mismatched headers' do
+        get '/country_message', nil, { 'HTTP_X_FORWARDED_FOR' => '1.2.3.4',
+                                       'HTTP_CLIENT_IP' => '5.5.5.5' }
+        response.status.should == 200
+    end
+
+end