-rw-r--r-- | app/controllers/application_controller.rb | 8 | ||||
-rw-r--r-- | spec/integration/errors_spec.rb | 8 | ||||
-rw-r--r-- | spec/integration/ip_spoofing_spec.rb | 11 |
3 files changed, 25 insertions, 2 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 410778d9a..78a82316a 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -129,7 +129,7 @@ class ApplicationController < ActionController::Base
 @exception_class = exception.class.to_s
 @exception_message = exception.message
 case exception
- when ActiveRecord::RecordNotFound, RouteNotFound
+ when ActiveRecord::RecordNotFound, RouteNotFound, WillPaginate::InvalidPage
 @status = 404
 sanitize_path(params)
 when PermissionDenied
@@ -432,7 +432,11 @@ class ApplicationController < ActionController::Base
 def country_from_ip
 country = ""
 if !AlaveteliConfiguration::gaze_url.empty?
- country = quietly_try_to_open("#{AlaveteliConfiguration::gaze_url}/gaze-rest?f=get_country_from_ip;ip=#{request.remote_ip}")
+ begin
+ country = quietly_try_to_open("#{AlaveteliConfiguration::gaze_url}/gaze-rest?f=get_country_from_ip;ip=#{request.remote_ip}")
+ rescue ActionDispatch::RemoteIp::IpSpoofAttackError
+ country = AlaveteliConfiguration::iso_country_code
+ end
 end
 country = AlaveteliConfiguration::iso_country_code if country.empty?
 return country
diff --git a/spec/integration/errors_spec.rb b/spec/integration/errors_spec.rb
index 3ff3edb53..8ceb8243b 100644
--- a/spec/integration/errors_spec.rb
+++ b/spec/integration/errors_spec.rb
@@ -54,6 +54,14 @@ describe "When errors occur" do
 end
 end
 
+ it 'should render a 404 when given an invalid page parameter' do
+ get '/body/list/all', :page => 'xoforvfmy'
+ response.should render_template('general/exception_caught')
+ response.code.should == '404'
+ response.body.should match("Sorry, we couldn't find that page")
+ response.body.should match(%Q(invalid value for Integer))
+ end
+
 it 'should url encode params' do
 get ('/%d3')
 response.should render_template('general/exception_caught')
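Review bot: The new `rescue ActionDispatch::RemoteIp::IpSpoofAttackError` in `country_from_ip` discards the exception without recording it, so requests arriving with conflicting client-IP headers leave no trace for whoever monitors the site. Bind and log it before falling back, e.g. `rescue ActionDispatch::RemoteIp::IpSpoofAttackError => e` followed by `logger.warn "country_from_ip: #{e.message}"`. The assignment inside the rescue is also redundant: `country` is still `""` at that point, and the existing `country = AlaveteliConfiguration::iso_country_code if country.empty?` line applies the same default. The method's closing `end` lies outside the hunk.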
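Review bot: In the errors_spec.rb hunk, `response.body.should match(%Q(invalid value for Integer))` pins the raw exception message into the user-facing 404 page, and that message presumably carries the submitted `page` value with it. The spec should also cover output escaping, for instance by requesting a `page` value that contains `<` and asserting the body does not include it unescaped; whether the `general/exception_caught` template escapes `@exception_message` is not visible here. Matching on the interpreter's internal error text also ties the test to the exact wording used by the installed Ruby and will_paginate versions.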
diff --git a/spec/integration/ip_spoofing_spec.rb b/spec/integration/ip_spoofing_spec.rb
new file mode 100644
index 000000000..073f71ad6
--- /dev/null
+++ b/spec/integration/ip_spoofing_spec.rb
@@ -0,0 +1,11 @@
+require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+
+describe 'when getting a country message' do
+
+ it 'should not raise an IP spoofing error when given mismatched headers' do
+ get '/country_message', nil, { 'HTTP_X_FORWARDED_FOR' => '1.2.3.4',
+ 'HTTP_CLIENT_IP' => '5.5.5.5' }
+ response.status.should == 200
+ end
+
+end
|
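Review bot: This spec may pass without ever reaching the new rescue, because `country_from_ip` only evaluates `request.remote_ip` when `AlaveteliConfiguration::gaze_url` is non-empty and the test does not set it. If the test configuration leaves `gaze_url` blank (not visible here), a 200 response says nothing about the mismatched-header path. Stub it before the request, e.g. `AlaveteliConfiguration.stub(:gaze_url).and_return('http://gaze.example.invalid')` (constructed placeholder URL), so the interpolation that raises is actually executed.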