cmd/syncthing: Improve local host check (fixes #4815) (#4816)

This does a less restrictive (and more correct) check on the IP address,
and also allows the fully qualified "localhost.".

cmd/syncthing/gui.go

@@ -1560,9 +1560,14 @@ func addressIsLocalhost(addr string) bool {
 		host = addr
 	}
 	switch strings.ToLower(host) {
-	case "127.0.0.1", "::1", "localhost":
+	case "localhost", "localhost.":
 		return true
 	default:
-		return false
+		ip := net.ParseIP(host)
+		if ip == nil {
+			// not an IP address
+			return false
+		}
+		return ip.IsLoopback()
 	}
 }

cmd/syncthing/gui_test.go

@@ -842,16 +842,24 @@ func TestAddressIsLocalhost(t *testing.T) {
 		// These are all valid localhost addresses
 		{"localhost", true},
 		{"LOCALHOST", true},
+		{"localhost.", true},
 		{"::1", true},
 		{"127.0.0.1", true},
+		{"127.23.45.56", true},
 		{"localhost:8080", true},
 		{"LOCALHOST:8000", true},
+		{"localhost.:8080", true},
 		{"[::1]:8080", true},
 		{"127.0.0.1:8080", true},
+		{"127.23.45.56:8080", true},
 
 		// These are all non-localhost addresses
 		{"example.com", false},
 		{"example.com:8080", false},
+		{"localhost.com", false},
+		{"localhost.com:8080", false},
+		{"www.localhost", false},
+		{"www.localhost:8080", false},
 		{"192.0.2.10", false},
 		{"192.0.2.10:8080", false},
 		{"0.0.0.0", false},