kaputtnik has proposed merging lp:~widelands-dev/widelands-website/fix_REMOTE_ADDR into lp:widelands-website.
Requested reviews: Widelands Developers (widelands-dev) For more details, see: https://code.launchpad.net/~widelands-dev/widelands-website/fix_REMOTE_ADDR/+merge/308337 Fixes getting the real ip address. Please take a look into the (unchanged) line of http://bazaar.launchpad.net/~widelands-dev/widelands-website/fix_REMOTE_ADDR/view/head:/tracking/utils.py#L19 : ip_address = request.META.get('HTTP_X_FORWARDED_FOR', request.META.get('REMOTE_ADDR', '127.0.0.1')) It looks like the one parameter is used if the previous doesn't exist. But i couldn't find a documentation of the function get() to use it like this. Because we use the tracking only for showing online users (and not all the other things it can do), it needs also a big cleanup or replaced with another, or own, implementation. I couldn't test this branch on localhost for HTTP_X_FORWARDED_FOR (no proxy), so we might want to test it on the alpha-site. -- Your team Widelands Developers is requested to review the proposed merge of lp:~widelands-dev/widelands-website/fix_REMOTE_ADDR into lp:widelands-website.
=== modified file 'djangoratings/templatetags/ratings.py' --- djangoratings/templatetags/ratings.py 2016-05-18 19:31:46 +0000 +++ djangoratings/templatetags/ratings.py 2016-10-13 06:59:18 +0000 @@ -8,6 +8,7 @@ from django.db.models import ObjectDoesNotExist from djangoratings.models import Vote +from wl_utils import get_real_ip register = template.Library() @@ -25,7 +26,7 @@ except (template.VariableDoesNotExist, AttributeError): return '' try: - vote = field.get_rating_for_user(request.user, request.META['REMOTE_ADDR'], request.COOKIES) + vote = field.get_rating_for_user(request.user, get_real_ip(request), request.COOKIES) context[self.context_var] = vote except ObjectDoesNotExist: context[self.context_var] = 0 === modified file 'djangoratings/views.py' --- djangoratings/views.py 2016-05-18 19:31:46 +0000 +++ djangoratings/views.py 2016-10-13 06:59:18 +0000 @@ -5,6 +5,7 @@ from exceptions import * from django.conf import settings from default_settings import RATINGS_VOTES_PER_IP +from wl_utils import get_real_ip class AddRatingView(object): def __call__(self, request, content_type_id, object_id, field_name, score): @@ -30,12 +31,12 @@ 'score': score, }) - had_voted = bool(field.get_rating_for_user(request.user, request.META['REMOTE_ADDR'], request.COOKIES)) + had_voted = bool(field.get_rating_for_user(request.user, get_real_ip(request), request.COOKIES)) context['had_voted'] = had_voted try: - adds = field.add(score, request.user, request.META.get('REMOTE_ADDR'), request.COOKIES) + adds = field.add(score, request.user, get_real_ip(request), request.COOKIES) except IPLimitReached: return self.too_many_votes_from_ip_response(request, context) except AuthRequired: === modified file 'pybb/views.py' --- pybb/views.py 2016-10-09 11:17:03 +0000 +++ pybb/views.py 2016-10-13 06:59:18 +0000 @@ -19,6 +19,7 @@ from pybb import settings as pybb_settings from pybb.orm import load_related from django.conf import settings +from wl_utils import get_real_ip try: from notification import models as notification @@ -155,9 +156,8 @@ post = get_object_or_404(Post, pk=quote_id) quote = quote_text(post.body, post.user, "markdown") - ip = request.META.get('REMOTE_ADDR', '') form = build_form(AddPostForm, request, topic=topic, forum=forum, - user=request.user, ip=ip, + user=request.user, ip=get_real_ip(request), initial={'markup': "markdown", 'body': quote}) if form.is_valid(): === modified file 'threadedcomments/views.py' --- threadedcomments/views.py 2016-05-15 14:41:54 +0000 +++ threadedcomments/views.py 2016-10-13 06:59:18 +0000 @@ -8,6 +8,7 @@ from threadedcomments.forms import FreeThreadedCommentForm, ThreadedCommentForm from threadedcomments.models import ThreadedComment, FreeThreadedComment, DEFAULT_MAX_COMMENT_LENGTH from threadedcomments.utils import JSONResponse, XMLResponse +from wl_utils import get_real_ip def _adjust_max_comment_length(form, field_name='comment'): """ @@ -84,7 +85,7 @@ if form.is_valid(): new_comment = form.save(commit=False) if not edit_id: - new_comment.ip_address = request.META.get('REMOTE_ADDR', None) + new_comment.ip_address = get_real_ip(request) new_comment.content_type = get_object_or_404(ContentType, id = int(content_type)) new_comment.object_id = int(object_id) if model == ThreadedComment: === modified file 'wiki/views.py' --- wiki/views.py 2016-06-20 19:11:03 +0000 +++ wiki/views.py 2016-10-13 06:59:18 +0000 @@ -18,6 +18,8 @@ from django.contrib.auth.decorators import login_required from mainpage.templatetags.wl_markdown import do_wl_markdown +from wl_utils import get_real_ip + # Settings # lock duration in minutes try: @@ -34,16 +36,6 @@ ALL_ARTICLES = Article.objects.all() ALL_CHANGES = ChangeSet.objects.all() - -def get_real_ip(request): - """ Returns the real user IP, even if behind a proxy. - Set BEHIND_PROXY to True in your settings if Django is - running behind a proxy. - """ - if getattr(settings, 'BEHIND_PROXY', False): - return request.META['HTTP_X_FORWARDED_FOR'] - return request.META['REMOTE_ADDR'] - def get_articles_by_group(article_qs, group_slug=None, group_slug_field=None, group_qs=None): group = None === added file 'wl_utils.py' --- wl_utils.py 1970-01-01 00:00:00 +0000 +++ wl_utils.py 2016-10-13 06:59:18 +0000 @@ -0,0 +1,13 @@ +from django.conf import settings + + +def get_real_ip(request): + """Returns the real user IP, even if behind a proxy. + + Set BEHIND_PROXY to True in your settings if Django is running + behind a proxy. + + """ + if getattr(settings, 'BEHIND_PROXY', False): + return request.META['HTTP_X_FORWARDED_FOR'] + return request.META['REMOTE_ADDR'] === modified file 'wlimages/views.py' --- wlimages/views.py 2013-06-14 19:23:53 +0000 +++ wlimages/views.py 2016-10-13 06:59:18 +0000 @@ -1,27 +1,13 @@ from django.contrib.auth.decorators import login_required from django.contrib.contenttypes.models import ContentType -from django.core.urlresolvers import reverse from django.http import HttpResponse, HttpResponseRedirect from django.shortcuts import get_object_or_404, render_to_response from django.template import RequestContext from models import Image -from settings import MEDIA_ROOT -from django.core.files.uploadedfile import SimpleUploadedFile -from django.conf import settings - +from wl_utils import get_real_ip from forms import UploadImageForm - -def get_real_ip(request): - """ Returns the real user IP, even if behind a proxy. - Set BEHIND_PROXY to True in your settings if Django is - running behind a proxy. - """ - if getattr(settings, 'BEHIND_PROXY', False): - return request.META['HTTP_X_FORWARDED_FOR'] - return request.META['REMOTE_ADDR'] - def display( request, image, revision ): revision = int(revision) === modified file 'wlmaps/views.py' --- wlmaps/views.py 2016-05-18 19:31:46 +0000 +++ wlmaps/views.py 2016-10-13 06:59:18 +0000 @@ -8,12 +8,10 @@ from django.contrib.auth.decorators import login_required from django.http import HttpResponseRedirect, HttpResponseNotAllowed, HttpResponse, HttpResponseBadRequest from django.core.urlresolvers import reverse -from django.db import IntegrityError import models from settings import MAPS_PER_PAGE import os -import zipfile ######### @@ -44,9 +42,10 @@ if not (0 < val <= 10): return HttpResponseBadRequest() - + m.rating.add(score=val, user=request.user, - ip_address=request.META['REMOTE_ADDR']) + ip_address=get_real_ip(request)) + # m.save() is not needed return HttpResponseRedirect(reverse('wlmaps_view', None, {'map_slug': m.slug}))
_______________________________________________ Mailing list: https://launchpad.net/~widelands-dev Post to : widelands-dev@lists.launchpad.net Unsubscribe : https://launchpad.net/~widelands-dev More help : https://help.launchpad.net/ListHelp