Security: Sanitize Remote IP address

Dunno quite how, but evidently, request.ip is manipulable. Make sure it consists of a dotted-quad. Also, correct a typo from the previous revision.
2008-03-14 10:50:06 -05:00 · 2008-03-14 10:50:06 -05:00 · d46798dd08
commit d46798dd08
parent 827fb77ad3
2 changed files with 2 additions and 2 deletions
--- a/app/controllers/wiki_controller.rb
+++ b/app/controllers/wiki_controller.rb
@ -412,7 +412,7 @@ class WikiController < ApplicationController
  def remote_ip
    ip = request.remote_ip
    logger.info(ip)
-    ip
+    ip.gsub!(/(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/, '\1')
  end

  def render_atom(hide_description = false, limit = 15)