mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
Merge pull request #20584 from arthurnn/fix_url
Catch InvalidURIError on bad paths on redirect.
This commit is contained in:
commit
0b33978725
3 changed files with 19 additions and 4 deletions
|
@ -1,3 +1,7 @@
|
|||
* Handle InvalidURIError on bad paths on redirect route.
|
||||
|
||||
*arthurnn*
|
||||
|
||||
* Deprecate passing first parameter as `Hash` and default status code for `head` method.
|
||||
|
||||
*Mehmet Emin İNAÇ*
|
||||
|
|
|
@ -23,7 +23,11 @@ module ActionDispatch
|
|||
|
||||
def serve(req)
|
||||
req.check_path_parameters!
|
||||
begin
|
||||
uri = URI.parse(path(req.path_parameters, req))
|
||||
rescue URI::InvalidURIError
|
||||
return [ 400, {}, ['Invalid path.'] ]
|
||||
end
|
||||
|
||||
unless uri.host
|
||||
if relative_path?(uri.path)
|
||||
|
|
|
@ -219,6 +219,13 @@ module ActionDispatch
|
|||
assert_equal 404, resp.first
|
||||
end
|
||||
|
||||
def test_invalid_url_path
|
||||
routes = Class.new { include ActionDispatch::Routing::Redirection }.new
|
||||
route = routes.redirect("/foo/bar/%{id}")
|
||||
resp = route.serve(rails_env({ 'REQUEST_METHOD' => 'GET', 'PATH_INFO' => '/foo/(function(){})' }))
|
||||
assert_equal 400, resp.first
|
||||
end
|
||||
|
||||
def test_clear_trailing_slash_from_script_name_on_root_unanchored_routes
|
||||
route_set = Routing::RouteSet.new
|
||||
mapper = Routing::Mapper.new route_set
|
||||
|
|
Loading…
Reference in a new issue