Backport InternalRedirect#sanitize_redirect
parent
adb069881a
commit
202bd2da16
|
@ -23,6 +23,10 @@ module InternalRedirect
|
||||||
nil
|
nil
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def sanitize_redirect(url_or_path)
|
||||||
|
safe_redirect_path(url_or_path) || safe_redirect_path_for_url(url_or_path)
|
||||||
|
end
|
||||||
|
|
||||||
def host_allowed?(uri)
|
def host_allowed?(uri)
|
||||||
uri.host == request.host &&
|
uri.host == request.host &&
|
||||||
uri.port == request.port
|
uri.port == request.port
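Review bot: The new `sanitize_redirect` has no comment stating its contract, which matters because it is the guard callers will rely on before redirecting to a user-supplied target. Judging by the accompanying specs, it returns the input for a safe path, only the path for a URL on the request's host and port, and `nil` for anything else, so every caller needs a fallback for the `nil` case. I would add above the method: `# Returns a safe internal path for url_or_path, or nil if it is not a same-host redirect target; callers must fall back to a default when nil.` The bodies of `safe_redirect_path` and `safe_redirect_path_for_url` are outside this hunk, so how they treat `nil` or blank input cannot be confirmed from here and is worth stating in that comment too.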
|
||||||
|
|
|
@ -54,6 +54,31 @@ describe InternalRedirect do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe '#sanitize_redirect' do
|
||||||
|
let(:valid_path) { '/hello/world?hello=world' }
|
||||||
|
let(:valid_url) { "http://test.host#{valid_path}" }
|
||||||
|
|
||||||
|
it 'returns `nil` for invalid paths' do
|
||||||
|
invalid_path = '//not/valid'
|
||||||
|
|
||||||
|
expect(controller.sanitize_redirect(invalid_path)).to eq nil
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'returns `nil` for invalid urls' do
|
||||||
|
input = 'http://test.host:3000/invalid'
|
||||||
|
|
||||||
|
expect(controller.sanitize_redirect(input)).to eq nil
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'returns input for valid paths' do
|
||||||
|
expect(controller.sanitize_redirect(valid_path)).to eq valid_path
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'returns path for valid urls' do
|
||||||
|
expect(controller.sanitize_redirect(valid_url)).to eq valid_path
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
describe '#host_allowed?' do
|
describe '#host_allowed?' do
|
||||||
it 'allows uris with the same host and port' do
|
it 'allows uris with the same host and port' do
|
||||||
expect(controller.host_allowed?(URI('http://test.host/test'))).to be(true)
|
expect(controller.host_allowed?(URI('http://test.host/test'))).to be(true)
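Review bot: The 'returns `nil` for invalid urls' example only exercises a port mismatch on the same host (`http://test.host:3000/invalid`), so the case the sanitizer chiefly exists for, a URL on a different host, is not covered by the new `#sanitize_redirect` specs. I would add an example such as `expect(controller.sanitize_redirect('http://other.host/hello/world')).to be_nil` (constructed host), and one for `nil` or empty input, so that a later change to the helper methods cannot silently loosen the check. As a small style point, `to be_nil` reads better than `to eq nil` in the two existing rejection examples.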
|
||||||
|
|