Posting a FreeComment from an IPv6 address bypasses IPAddressField validation
|Reported by:||Owned by:||nobody|
|Severity:||Keywords:||comments ipv6 ipaddressfield|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
I was unable to delve deeper into this, but when I post comments to my own site via my IPv6 link, the FreeComments app will - as it'd seem - try to insert the whole IPv6 address.
Somehow this passes the validation step too, so it hits an INSERT and since it's an IPAddressField, only 15 bytes are allowed. For MySQL this means that the value is chopped at 15 bytes and, IIRC, for PostgreSQL that means it'll raise an integrity error or alike.
The issue is really that the IPAddressField is meant for IPv4 and IPv4 alone, to which I saw only one remedy, and that's a patch which hasn't been touched for a year or so.
While I can't provide a patch right now, I'd like to see some way of supporting IPv6 addresses, and as I wrote before, there seems to be an issue with FreeComments and validation. If I go and save a FreeComment with this sort of mangled IPv6 address in the IPAddressField, it complains that the IP address isn't valid.
But again, this ticket is for the django.contrib.comments part.
Change History (3)
comment:1 Changed 9 years ago by
|Patch needs improvement:||unset|
|Triage Stage:||Unreviewed → Design decision needed|