Ensure we only store paths in store_location_for (thanks to @homakov for the tip)
parent
221be6d6ef
commit
0582467032
|
@ -1,3 +1,5 @@
|
||||||
|
require "uri"
|
||||||
|
|
||||||
module Devise
|
module Devise
|
||||||
module Controllers
|
module Controllers
|
||||||
# Provide the ability to store a location.
|
# Provide the ability to store a location.
|
||||||
|
@ -31,7 +33,7 @@ module Devise
|
||||||
#
|
#
|
||||||
def store_location_for(resource_or_scope, location)
|
def store_location_for(resource_or_scope, location)
|
||||||
session_key = stored_location_key_for(resource_or_scope)
|
session_key = stored_location_key_for(resource_or_scope)
|
||||||
session[session_key] = location
|
session[session_key] = URI.parse(location).path
|
||||||
end
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
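Review bot: `URI.parse(location).path` on the changed line of `store_location_for` can still put a value beginning with `//` into the session when the parsed URI's path component itself starts with more than one slash. A redirect to such a value is scheme-relative, so the host restriction this commit aims for is incomplete. The same expression also drops the query string, which changes where users land after sign-in for stored locations such as paginated or filtered pages. `URI.parse` raises `URI::InvalidURIError` on malformed input, which would surface as an unhandled error if `location` is derived from the request (the callers are not visible in this hunk). Consider `uri = URI.parse(location)` followed by `session[session_key] = [uri.path.sub(/\A\/+/, "/"), uri.query].compact.join("?")`, plus a rescue or guard for values that do not parse.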
|
@ -198,6 +198,12 @@ class ControllerAuthenticatableTest < ActionController::TestCase
|
||||||
assert_equal "/foo.bar", @controller.stored_location_for(User.new)
|
assert_equal "/foo.bar", @controller.stored_location_for(User.new)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test 'store location for stores only paths' do
|
||||||
|
assert_nil @controller.stored_location_for(:user)
|
||||||
|
@controller.store_location_for(:user, "//host/foo.bar")
|
||||||
|
assert_equal "/foo.bar", @controller.stored_location_for(:user)
|
||||||
|
end
|
||||||
|
|
||||||
test 'after sign in path defaults to root path if none by was specified for the given scope' do
|
test 'after sign in path defaults to root path if none by was specified for the given scope' do
|
||||||
assert_equal root_path, @controller.after_sign_in_path_for(:user)
|
assert_equal root_path, @controller.after_sign_in_path_for(:user)
|
||||||
end
|
end
|
||||||
|
|
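Review bot: The added test 'store location for stores only paths' pins a single input shape, the scheme-relative `//host/foo.bar`. Absolute URLs with a scheme, locations carrying a query string, and unparsable values are not exercised, so the contract of `store_location_for` for those inputs is left undocumented. Adding `@controller.store_location_for(:user, "http://host/foo.bar")` with `assert_equal "/foo.bar", @controller.stored_location_for(:user)` would cover the scheme case. A `"/foo.bar?page=2"` case would make the intended query-string handling explicit.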