Opened 11 years ago

Closed 10 years ago

#5249 closed (invalid)

Posting a FreeComment from an IPv6 address bypasses IPAddressField validation

Reported by: Ludvig Ericson <ludvig.ericson@…> Owned by: nobody
Component: contrib.comments Version: master
Severity: Keywords: comments ipv6 ipaddressfield
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


I was unable to delve deeper into this, but when I post comments to my own site via my IPv6 link, the FreeComments app will - as it'd seem - try to insert the whole IPv6 address.

Somehow this passes the validation step too, so it hits an INSERT and since it's an IPAddressField, only 15 bytes are allowed. For MySQL this means that the value is chopped at 15 bytes and, IIRC, for PostgreSQL that means it'll raise an integrity error or alike.

The issue is really that the IPAddressField is meant for IPv4 and IPv4 alone, to which I saw only one remedy, and that's a patch which hasn't been touched for a year or so.

While I can't provide a patch right now, I'd like to see some way of supporting IPv6 addresses, and as I wrote before, there seems to be an issue with FreeComments and validation. If I go and save a FreeComment with this sort of mangled IPv6 address in the IPAddressField, it complains that the IP address isn't valid.

But again, this ticket is for the django.contrib.comments part.

Change History (3)

comment:1 Changed 11 years ago by Simon G <dev@…>

Triage Stage: UnreviewedDesign decision needed

comment:2 Changed 11 years ago by Simon G <dev@…>

Triage Stage: Design decision neededAccepted

Oops. That should be accepted.

comment:3 Changed 10 years ago by Jacob

Resolution: invalid
Status: newclosed

With the new comment system added in [8557], I'm closing all comment-related tickets since they're against an old system. Please open a new ticket for this issue if it still applies in the new system.

Note: See TracTickets for help on using tickets.
Back to Top