Ensure we only store paths in store_location_for (thanks to @homakov for the tip)

José Valim 2013-11-13 13:30:24 +01:00
parent 221be6d6ef
commit 0582467032
2 changed files with 9 additions and 1 deletions


@ -1,3 +1,5 @@
require "uri"
module Devise module Devise
module Controllers module Controllers
# Provide the ability to store a location. # Provide the ability to store a location.
@ -31,7 +33,7 @@ module Devise
# #
def store_location_for(resource_or_scope, location) def store_location_for(resource_or_scope, location)
session_key = stored_location_key_for(resource_or_scope) session_key = stored_location_key_for(resource_or_scope)
session[session_key] = location session[session_key] = URI.parse(location).path
end end
private private
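Review bot: `URI.parse(location).path` on the new `session[session_key] =` line can still return a value that begins with `//` when the input's own path component starts with two slashes (constructed example: `http://host//other/foo` yields `//other/foo`). Browsers treat a redirect to such a value as protocol-relative, so the off-site redirect this commit sets out to close appears to remain reachable. Collapsing the leading slashes before storing would cover it: `session[session_key] = URI.parse(location).path.sub(/\A\/+/, "/")`. The call also raises `URI::InvalidURIError` on a malformed location and silently drops any query string; both deserve either a rescue or a comment stating that this is intended. The module body continues outside the hunk.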


@ -198,6 +198,12 @@ class ControllerAuthenticatableTest < ActionController::TestCase
assert_equal "/foo.bar", @controller.stored_location_for(User.new) assert_equal "/foo.bar", @controller.stored_location_for(User.new)
end end
test 'store location for stores only paths' do
assert_nil @controller.stored_location_for(:user)
@controller.store_location_for(:user, "//host/foo.bar")
assert_equal "/foo.bar", @controller.stored_location_for(:user)
end
test 'after sign in path defaults to root path if none by was specified for the given scope' do test 'after sign in path defaults to root path if none by was specified for the given scope' do
assert_equal root_path, @controller.after_sign_in_path_for(:user) assert_equal root_path, @controller.after_sign_in_path_for(:user)
end end
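Review bot: The new test pins only the protocol-relative input `//host/foo.bar`; it does not cover a location that carries a scheme or a query string, nor one whose own path starts with two slashes. Adding a case such as `@controller.store_location_for(:user, "http://host/foo.bar?x=1")` followed by `assert_equal "/foo.bar", @controller.stored_location_for(:user)` would make the dropped query string an explicit, tested decision. A case for a double-slash path would likewise record what shape the stored value is allowed to have before it is used as a redirect target.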