widelands-dev team mailing list archive
-
widelands-dev team
-
Mailing list archive
-
Message #08481
[Merge] lp:~widelands-dev/widelands-website/fix_REMOTE_ADDR into lp:widelands-website
kaputtnik has proposed merging lp:~widelands-dev/widelands-website/fix_REMOTE_ADDR into lp:widelands-website.
Requested reviews:
Widelands Developers (widelands-dev)
For more details, see:
https://code.launchpad.net/~widelands-dev/widelands-website/fix_REMOTE_ADDR/+merge/308337
Fixes getting the real ip address.
Please take a look into the (unchanged) line of http://bazaar.launchpad.net/~widelands-dev/widelands-website/fix_REMOTE_ADDR/view/head:/tracking/utils.py#L19 :
ip_address = request.META.get('HTTP_X_FORWARDED_FOR',
request.META.get('REMOTE_ADDR', '127.0.0.1'))
It looks like the one parameter is used if the previous doesn't exist. But i couldn't find a documentation of the function get() to use it like this. Because we use the tracking only for showing online users (and not all the other things it can do), it needs also a big cleanup or replaced with another, or own, implementation.
I couldn't test this branch on localhost for HTTP_X_FORWARDED_FOR (no proxy), so we might want to test it on the alpha-site.
--
Your team Widelands Developers is requested to review the proposed merge of lp:~widelands-dev/widelands-website/fix_REMOTE_ADDR into lp:widelands-website.
=== modified file 'djangoratings/templatetags/ratings.py'
--- djangoratings/templatetags/ratings.py 2016-05-18 19:31:46 +0000
+++ djangoratings/templatetags/ratings.py 2016-10-13 06:59:18 +0000
@@ -8,6 +8,7 @@
from django.db.models import ObjectDoesNotExist
from djangoratings.models import Vote
+from wl_utils import get_real_ip
register = template.Library()
@@ -25,7 +26,7 @@
except (template.VariableDoesNotExist, AttributeError):
return ''
try:
- vote = field.get_rating_for_user(request.user, request.META['REMOTE_ADDR'], request.COOKIES)
+ vote = field.get_rating_for_user(request.user, get_real_ip(request), request.COOKIES)
context[self.context_var] = vote
except ObjectDoesNotExist:
context[self.context_var] = 0
=== modified file 'djangoratings/views.py'
--- djangoratings/views.py 2016-05-18 19:31:46 +0000
+++ djangoratings/views.py 2016-10-13 06:59:18 +0000
@@ -5,6 +5,7 @@
from exceptions import *
from django.conf import settings
from default_settings import RATINGS_VOTES_PER_IP
+from wl_utils import get_real_ip
class AddRatingView(object):
def __call__(self, request, content_type_id, object_id, field_name, score):
@@ -30,12 +31,12 @@
'score': score,
})
- had_voted = bool(field.get_rating_for_user(request.user, request.META['REMOTE_ADDR'], request.COOKIES))
+ had_voted = bool(field.get_rating_for_user(request.user, get_real_ip(request), request.COOKIES))
context['had_voted'] = had_voted
try:
- adds = field.add(score, request.user, request.META.get('REMOTE_ADDR'), request.COOKIES)
+ adds = field.add(score, request.user, get_real_ip(request), request.COOKIES)
except IPLimitReached:
return self.too_many_votes_from_ip_response(request, context)
except AuthRequired:
=== modified file 'pybb/views.py'
--- pybb/views.py 2016-10-09 11:17:03 +0000
+++ pybb/views.py 2016-10-13 06:59:18 +0000
@@ -19,6 +19,7 @@
from pybb import settings as pybb_settings
from pybb.orm import load_related
from django.conf import settings
+from wl_utils import get_real_ip
try:
from notification import models as notification
@@ -155,9 +156,8 @@
post = get_object_or_404(Post, pk=quote_id)
quote = quote_text(post.body, post.user, "markdown")
- ip = request.META.get('REMOTE_ADDR', '')
form = build_form(AddPostForm, request, topic=topic, forum=forum,
- user=request.user, ip=ip,
+ user=request.user, ip=get_real_ip(request),
initial={'markup': "markdown", 'body': quote})
if form.is_valid():
=== modified file 'threadedcomments/views.py'
--- threadedcomments/views.py 2016-05-15 14:41:54 +0000
+++ threadedcomments/views.py 2016-10-13 06:59:18 +0000
@@ -8,6 +8,7 @@
from threadedcomments.forms import FreeThreadedCommentForm, ThreadedCommentForm
from threadedcomments.models import ThreadedComment, FreeThreadedComment, DEFAULT_MAX_COMMENT_LENGTH
from threadedcomments.utils import JSONResponse, XMLResponse
+from wl_utils import get_real_ip
def _adjust_max_comment_length(form, field_name='comment'):
"""
@@ -84,7 +85,7 @@
if form.is_valid():
new_comment = form.save(commit=False)
if not edit_id:
- new_comment.ip_address = request.META.get('REMOTE_ADDR', None)
+ new_comment.ip_address = get_real_ip(request)
new_comment.content_type = get_object_or_404(ContentType, id = int(content_type))
new_comment.object_id = int(object_id)
if model == ThreadedComment:
=== modified file 'wiki/views.py'
--- wiki/views.py 2016-06-20 19:11:03 +0000
+++ wiki/views.py 2016-10-13 06:59:18 +0000
@@ -18,6 +18,8 @@
from django.contrib.auth.decorators import login_required
from mainpage.templatetags.wl_markdown import do_wl_markdown
+from wl_utils import get_real_ip
+
# Settings
# lock duration in minutes
try:
@@ -34,16 +36,6 @@
ALL_ARTICLES = Article.objects.all()
ALL_CHANGES = ChangeSet.objects.all()
-
-def get_real_ip(request):
- """ Returns the real user IP, even if behind a proxy.
- Set BEHIND_PROXY to True in your settings if Django is
- running behind a proxy.
- """
- if getattr(settings, 'BEHIND_PROXY', False):
- return request.META['HTTP_X_FORWARDED_FOR']
- return request.META['REMOTE_ADDR']
-
def get_articles_by_group(article_qs, group_slug=None,
group_slug_field=None, group_qs=None):
group = None
=== added file 'wl_utils.py'
--- wl_utils.py 1970-01-01 00:00:00 +0000
+++ wl_utils.py 2016-10-13 06:59:18 +0000
@@ -0,0 +1,13 @@
+from django.conf import settings
+
+
+def get_real_ip(request):
+ """Returns the real user IP, even if behind a proxy.
+
+ Set BEHIND_PROXY to True in your settings if Django is running
+ behind a proxy.
+
+ """
+ if getattr(settings, 'BEHIND_PROXY', False):
+ return request.META['HTTP_X_FORWARDED_FOR']
+ return request.META['REMOTE_ADDR']
=== modified file 'wlimages/views.py'
--- wlimages/views.py 2013-06-14 19:23:53 +0000
+++ wlimages/views.py 2016-10-13 06:59:18 +0000
@@ -1,27 +1,13 @@
from django.contrib.auth.decorators import login_required
from django.contrib.contenttypes.models import ContentType
-from django.core.urlresolvers import reverse
from django.http import HttpResponse, HttpResponseRedirect
from django.shortcuts import get_object_or_404, render_to_response
from django.template import RequestContext
from models import Image
-from settings import MEDIA_ROOT
-from django.core.files.uploadedfile import SimpleUploadedFile
-from django.conf import settings
-
+from wl_utils import get_real_ip
from forms import UploadImageForm
-
-def get_real_ip(request):
- """ Returns the real user IP, even if behind a proxy.
- Set BEHIND_PROXY to True in your settings if Django is
- running behind a proxy.
- """
- if getattr(settings, 'BEHIND_PROXY', False):
- return request.META['HTTP_X_FORWARDED_FOR']
- return request.META['REMOTE_ADDR']
-
def display( request, image, revision ):
revision = int(revision)
=== modified file 'wlmaps/views.py'
--- wlmaps/views.py 2016-05-18 19:31:46 +0000
+++ wlmaps/views.py 2016-10-13 06:59:18 +0000
@@ -8,12 +8,10 @@
from django.contrib.auth.decorators import login_required
from django.http import HttpResponseRedirect, HttpResponseNotAllowed, HttpResponse, HttpResponseBadRequest
from django.core.urlresolvers import reverse
-from django.db import IntegrityError
import models
from settings import MAPS_PER_PAGE
import os
-import zipfile
#########
@@ -44,9 +42,10 @@
if not (0 < val <= 10):
return HttpResponseBadRequest()
-
+
m.rating.add(score=val, user=request.user,
- ip_address=request.META['REMOTE_ADDR'])
+ ip_address=get_real_ip(request))
+
# m.save() is not needed
return HttpResponseRedirect(reverse('wlmaps_view', None, {'map_slug': m.slug}))
Follow ups
