Diffstat (limited to 'vendor/rails-2.1.0/actionpack/lib/action_controller')
-rwxr-xr-xvendor/rails-2.1.0/actionpack/lib/action_controller/request.rb7
1 files changed, 4 insertions, 3 deletions
diff --git a/vendor/rails-2.1.0/actionpack/lib/action_controller/request.rb b/vendor/rails-2.1.0/actionpack/lib/action_controller/request.rb
index a35b90419..f275ec11b 100755
--- a/vendor/rails-2.1.0/actionpack/lib/action_controller/request.rb
+++ b/vendor/rails-2.1.0/actionpack/lib/action_controller/request.rb
@@ -140,8 +140,10 @@ module ActionController
return @env['REMOTE_ADDR']
end
+ remote_ips = @env['HTTP_X_FORWARDED_FOR'] && @env['HTTP_X_FORWARDED_FOR'].split(',')
+
if @env.include? 'HTTP_CLIENT_IP'
- if @env.include? 'HTTP_X_FORWARDED_FOR'
+ if remote_ips and !remote_ips.include?(@env['HTTP_CLIENT_IP'])
# We don't know which came from the proxy, and which from the user
raise ActionControllerError.new(<<EOM)
IP spoofing attack?!
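Review bot: The added `!remote_ips.include?(@env['HTTP_CLIENT_IP'])` test compares against unstripped pieces of `split(',')`, so a header written as `a, b` yields `" b"`, and a Client-IP equal to any entry after the first still raises the spoofing error. The later loop calls `.strip` on entries, which suggests surrounding whitespace is expected. Stripping once at the split would fix this: `remote_ips = @env['HTTP_X_FORWARDED_FOR'] && @env['HTTP_X_FORWARDED_FOR'].split(',').map { |ip| ip.strip }`. Separately, the check now accepts Client-IP whenever it appears anywhere in X-Forwarded-For, including entries supplied by the client rather than appended by a proxy, so I would add a comment above it such as `# Not authoritative: only trust this value when a trusted proxy overwrites both headers` and keep the result out of access-control or rate-limit decisions. The enclosing method starts and ends outside this hunk.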
@@ -152,8 +154,7 @@ EOM
return @env['HTTP_CLIENT_IP']
end
- if @env.include? 'HTTP_X_FORWARDED_FOR' then
- remote_ips = @env['HTTP_X_FORWARDED_FOR'].split(',')
+ if remote_ips
while remote_ips.size > 1 && TRUSTED_PROXIES =~ remote_ips.last.strip
remote_ips.pop
end