diff options
author | Arthur Nogueira Neves <github@arthurnn.com> | 2015-06-16 23:28:51 +0200 |
---|---|---|
committer | Arthur Nogueira Neves <github@arthurnn.com> | 2015-06-16 23:28:51 +0200 |
commit | 0b3397872582f2cf1bc6960960a6393f477c55e6 (patch) | |
tree | 1df2a0d3797c54d7b53b50a0f63dac45f6952448 /actionpack/lib | |
parent | 56d52e3749180e6c1dcf7166adbad967470aa78b (diff) | |
parent | e23b3149458b22cf07382d6aeb2264585e28a339 (diff) | |
download | rails-0b3397872582f2cf1bc6960960a6393f477c55e6.tar.gz rails-0b3397872582f2cf1bc6960960a6393f477c55e6.tar.bz2 rails-0b3397872582f2cf1bc6960960a6393f477c55e6.zip |
Merge pull request #20584 from arthurnn/fix_url
Catch InvalidURIError on bad paths on redirect.
Diffstat (limited to 'actionpack/lib')
-rw-r--r-- | actionpack/lib/action_dispatch/routing/redirection.rb | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/actionpack/lib/action_dispatch/routing/redirection.rb b/actionpack/lib/action_dispatch/routing/redirection.rb index 3c1c4fadf6..8d965a5f8e 100644 --- a/actionpack/lib/action_dispatch/routing/redirection.rb +++ b/actionpack/lib/action_dispatch/routing/redirection.rb @@ -23,8 +23,12 @@ module ActionDispatch def serve(req) req.check_path_parameters! - uri = URI.parse(path(req.path_parameters, req)) - + begin + uri = URI.parse(path(req.path_parameters, req)) + rescue URI::InvalidURIError + return [ 400, {}, ['Invalid path.'] ] + end + unless uri.host if relative_path?(uri.path) uri.path = "#{req.script_name}/#{uri.path}" @@ -32,7 +36,7 @@ module ActionDispatch uri.path = req.script_name.empty? ? "/" : req.script_name end end - + uri.scheme ||= req.scheme uri.host ||= req.host uri.port ||= req.port unless req.standard_port? @@ -124,7 +128,7 @@ module ActionDispatch url_options[:script_name] = request.script_name end end - + ActionDispatch::Http::URL.url_for url_options end |