asked changes made, code tested and flask unittests all passed

8 years ago · 56b33ab458
2 changed files with 15 additions and 24 deletions
--- a/flask/helpers.py
+++ b/flask/helpers.py
@ -14,7 +14,6 @@ import sys
 import pkgutil
 import posixpath
 import mimetypes
-import warnings
 from time import time
 from zlib import adler32
 from threading import RLock
@ -960,32 +959,22 @@ def total_seconds(td):
    """
    return td.days * 60 * 60 * 24 + td.seconds

-def is_ip(string, var_name):
+def is_ip(ip):
    """Returns the if the string received is an IP or not.

    :param string: the string to check if it an IP or not
-    :param var_name: the name of the variable that is being checked
+    :param var_name: the name of the string that is being checked

    :returns: True if string is an IP, False if not
    :rtype: boolean
    """
-    ipv4 = string.split('.')
-    ipv6 = string.split(':')
-    try:
-        for i,t in enumerate(ipv6):
-            if not t:
-                ipv6[i] = "0"
-        if(all(int(t,16) >= 0 and int(t,16) <= 65535 for t in ipv6)):
-            print("IPv6 address introduced in " + var_name)
-            return True
-    except ValueError:
-        pass
+    import socket

-    if len(ipv4) == 4:
+    for family in (socket.AF_INET, socket.AF_INET6):
        try:
-            if(all(int(t) >= 0 and int(t) <= 255 for t in ipv4)):
-                print("IPv4 address introduced in " + var_name)
-        except ValueError:
-            return False
+            socket.inet_pton(family, ip)
+        except socket.error:
+            pass
        else:
+            return True
    return False
--- a/flask/sessions.py
+++ b/flask/sessions.py
@ -11,13 +11,14 @@

 import uuid
 import hashlib
+from warnings import warn
 from base64 import b64encode, b64decode
 from datetime import datetime
 from werkzeug.http import http_date, parse_date
 from werkzeug.datastructures import CallbackDict
 from . import Markup, json
 from ._compat import iteritems, text_type
-from .helpers import total_seconds, is_IP
+from .helpers import total_seconds, is_ip

 from itsdangerous import URLSafeTimedSerializer, BadSignature

@ -332,8 +333,9 @@ class SecureCookieSessionInterface(SessionInterface):

    def save_session(self, app, session, response):
        domain = self.get_cookie_domain(app)
-        if domain != None:
-            is_ip(domain, "SESSION_COOKIE_DOMAIN", self)
+        if domain is not None:
+            if is_ip(domain):
+                warnings.warn("IP introduced in SESSION_COOKIE_DOMAIN", RuntimeWarning)
        path = self.get_cookie_path(app)

        # Delete case.  If there is no session we bail early.