aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib
diff options
context:
space:
mode:
authorAaron Patterson <aaron.patterson@gmail.com>2012-03-15 14:56:50 -0700
committerAaron Patterson <aaron.patterson@gmail.com>2012-03-15 14:58:27 -0700
commitf52ad6cf33e89d53fbf3c45347567a24226c65e3 (patch)
treea8a535b03901ba795d4b623a8012b5c7afea8856 /actionpack/lib
parentbd3e1ed23ce201dd63bd4ba2cfbfa254f4d36645 (diff)
downloadrails-f52ad6cf33e89d53fbf3c45347567a24226c65e3.tar.gz
rails-f52ad6cf33e89d53fbf3c45347567a24226c65e3.tar.bz2
rails-f52ad6cf33e89d53fbf3c45347567a24226c65e3.zip
Merge pull request #5456 from brianmario/redirect-sanitization
Strip null bytes from Location header
Diffstat (limited to 'actionpack/lib')
-rw-r--r--actionpack/lib/action_controller/metal/redirecting.rb2
-rw-r--r--actionpack/lib/action_dispatch/testing/assertions/response.rb2
2 files changed, 2 insertions, 2 deletions
diff --git a/actionpack/lib/action_controller/metal/redirecting.rb b/actionpack/lib/action_controller/metal/redirecting.rb
index b07742e0e1..3ffb7ef426 100644
--- a/actionpack/lib/action_controller/metal/redirecting.rb
+++ b/actionpack/lib/action_controller/metal/redirecting.rb
@@ -93,7 +93,7 @@ module ActionController
_compute_redirect_to_location options.call
else
url_for(options)
- end.gsub(/[\r\n]/, '')
+ end.gsub(/[\0\r\n]/, '')
end
end
end
diff --git a/actionpack/lib/action_dispatch/testing/assertions/response.rb b/actionpack/lib/action_dispatch/testing/assertions/response.rb
index 7381617dd7..6886ff2a03 100644
--- a/actionpack/lib/action_dispatch/testing/assertions/response.rb
+++ b/actionpack/lib/action_dispatch/testing/assertions/response.rb
@@ -83,7 +83,7 @@ module ActionDispatch
refer
else
@controller.url_for(fragment)
- end.gsub(/[\r\n]/, '')
+ end.gsub(/[\0\r\n]/, '')
end
def validate_request!
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-25 04:42:05 +0000