kotovalexarian-likes-github/heartcombo--devise
1
0
Fork 0
mirror of https://github.com/heartcombo/devise.git synced 2022-11-09 12:18:31 -05:00
Code Releases Activity

Ensure we only store paths in store_location_for (thanks to @homakov for the tip)

Browse source
This commit is contained in:
José Valim 2013-11-13 13:30:24 +01:00
parent 221be6d6ef
commit 0582467032
2 changed files with 9 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
lib/devise/controllers/store_location.rb
View file

@ -1,3 +1,5 @@
require "uri"
module Devise
module Controllers
# Provide the ability to store a location.
@ -31,7 +33,7 @@ module Devise
#
def store_location_for(resource_or_scope, location)
session_key = stored_location_key_for(resource_or_scope)
session[session_key] = location
session[session_key] = URI.parse(location).path
end
private

6
test/controllers/helpers_test.rb
View file

@ -198,6 +198,12 @@ class ControllerAuthenticatableTest < ActionController::TestCase
assert_equal "/foo.bar", @controller.stored_location_for(User.new)
end
test 'store location for stores only paths' do
assert_nil @controller.stored_location_for(:user)
@controller.store_location_for(:user, "//host/foo.bar")
assert_equal "/foo.bar", @controller.stored_location_for(:user)
end
test 'after sign in path defaults to root path if none by was specified for the given scope' do
assert_equal root_path, @controller.after_sign_in_path_for(:user)
end