mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00

Sanitize the URLs passed to redirect_to to prevent a potential response splitting attack.

CGI.rb and mongrel don't do any sanitization of the contents of HTTP headers, so care needs to be taken.
Michael Koziarski 2008-10-14 11:37:59 +02:00
parent de0ed534f6
commit ba80ff74a9


@ -114,8 +114,8 @@ module ActionController # :nodoc:
def redirect(url, status)
self.status = status
self.location = url
self.body = "<html><body>You are being <a href=\"#{url}\">redirected</a>.</body></html>"
self.location = url.gsub(/[\r\n]/, '')
self.body = "<html><body>You are being <a href=\"#{CGI.escapeHTML(url)}\">redirected</a>.</body></html>"
end
def sending_file?
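Review bot: the new body line builds the href from the original `url`, not from the CR/LF-stripped value that is written to `self.location`, so when the input contains `\r` or `\n` the Location header and the link in the HTML body point at different strings. Compute the sanitized value once, e.g. `clean_url = url.gsub(/[\r\n]/, '')`, and use it both for `self.location = clean_url` and for `CGI.escapeHTML(clean_url)` in the body. Since the gsub silently strips the characters rather than rejecting the value, a crafted input is redirected to a mangled URL with no signal to the application; consider logging (or raising) when the stripped string differs from the input so that such attempts are visible in the logs.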