first attempt to solve issue #2007

8 years ago · 7870862fd7
2 changed files with 24 additions and 1 deletions
--- a/flask/helpers.py
+++ b/flask/helpers.py
@ -958,3 +958,25 @@ def total_seconds(td):
    :rtype: int
    """
    return td.days * 60 * 60 * 24 + td.seconds
+
+def is_IP(string):
+    ipv4 = string.split('.')
+    ipv6 = string.split(':')
+    try:
+        for i,t in enumerate(ipv6):
+            if not t:
+                ipv6[i] = "0"
+        if(all(int(t,16) >= 0 and int(t,16) <= 65535 for t in ipv6)):
+            print("IPv6 address introduced in SESSION_COOKIE_DOMAIN!")
+            return True
+    except ValueError:
+        pass
+
+    if len(ipv4) == 4:
+        try:
+            if(all(int(t) >= 0 and int(t) <= 255 for t in ipv4)):
+                print("IPv4 address introduced in SESSION_COOKIE_DOMAIN!")
+        except ValueError:
+            return False
+    else:
+        return False
--- a/flask/sessions.py
+++ b/flask/sessions.py
@ -17,7 +17,7 @@ from werkzeug.http import http_date, parse_date
 from werkzeug.datastructures import CallbackDict
 from . import Markup, json
 from ._compat import iteritems, text_type
-from .helpers import total_seconds
+from .helpers import total_seconds, is_IP

 from itsdangerous import URLSafeTimedSerializer, BadSignature

@ -332,6 +332,7 @@ class SecureCookieSessionInterface(SessionInterface):

    def save_session(self, app, session, response):
        domain = self.get_cookie_domain(app)
+        is_IP(domain)
        path = self.get_cookie_path(app)

        # Delete case.  If there is no session we bail early.