kotovalexarian-likes-github/rails--rails
1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Code Releases Activity

Fix for redirect_to to respect urls with a network path reference like "//asset.host.com/resources/1235" see issue #3856

Browse source
This commit is contained in:
Overbryd 2011-12-05 11:14:21 +01:00
parent cf6ccf0ebd
commit e31c4ace97
2 changed files with 12 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
actionpack/lib/action_controller/metal/redirecting.rb
View file

@ -18,7 +18,7 @@ module ActionController
# #
# * <tt>Hash</tt> - The URL will be generated by calling url_for with the +options+. # * <tt>Hash</tt> - The URL will be generated by calling url_for with the +options+.
# * <tt>Record</tt> - The URL will be generated by calling url_for with the +options+, which will reference a named URL for that record. # * <tt>Record</tt> - The URL will be generated by calling url_for with the +options+, which will reference a named URL for that record.
# * <tt>String</tt> starting with <tt>protocol://</tt> (like <tt>http://</tt>) - Is passed straight through as the target for redirection. # * <tt>String</tt> starting with <tt>protocol://</tt> (like <tt>http://</tt>) or a protocol relative reference (like <tt>//</tt>) - Is passed straight through as the target for redirection.
# * <tt>String</tt> not containing a protocol - The current protocol and host is prepended to the string. # * <tt>String</tt> not containing a protocol - The current protocol and host is prepended to the string.
# * <tt>Proc</tt> - A block that will be executed in the controller's context. Should return any option accepted by +redirect_to+. # * <tt>Proc</tt> - A block that will be executed in the controller's context. Should return any option accepted by +redirect_to+.
# * <tt>:back</tt> - Back to the page that issued the request. Useful for forms that are triggered from multiple places. # * <tt>:back</tt> - Back to the page that issued the request. Useful for forms that are triggered from multiple places.
@ -81,7 +81,7 @@ module ActionController
# The scheme name consist of a letter followed by any combination of # The scheme name consist of a letter followed by any combination of
# letters, digits, and the plus ("+"), period ("."), or hyphen ("-") # letters, digits, and the plus ("+"), period ("."), or hyphen ("-")
# characters; and is terminated by a colon (":"). # characters; and is terminated by a colon (":").
when %r{^\w[\w+.-]*:.*} when %r{^(\w[\w+.-]*:|\/\/).*}
options options
when String when String
request.protocol + request.host_with_port + options request.protocol + request.host_with_port + options

10
actionpack/test/controller/redirect_test.rb
View file

@ -70,6 +70,10 @@ class RedirectController < ActionController::Base
redirect_to "x-test+scheme.complex:redirect" redirect_to "x-test+scheme.complex:redirect"
end end
def redirect_to_url_with_network_path_reference
redirect_to "//www.rubyonrails.org/"
end
def redirect_to_back def redirect_to_back
redirect_to :back redirect_to :back
end end
@ -216,6 +220,12 @@ class RedirectTest < ActionController::TestCase
assert_equal "x-test+scheme.complex:redirect", redirect_to_url assert_equal "x-test+scheme.complex:redirect", redirect_to_url
end end
def test_redirect_to_url_with_network_path_reference
get :redirect_to_url_with_network_path_reference
assert_response :redirect
assert_equal "//www.rubyonrails.org/", redirect_to_url
end
def test_redirect_to_back def test_redirect_to_back
@request.env["HTTP_REFERER"] = "http://www.example.com/coming/from" @request.env["HTTP_REFERER"] = "http://www.example.com/coming/from"
get :redirect_to_back get :redirect_to_back