author | Aaron Patterson <aaron.patterson@gmail.com> | 2012-03-15 14:56:50 -0700 |
---|---|---|
committer | Aaron Patterson <aaron.patterson@gmail.com> | 2012-03-15 14:58:27 -0700 |
commit | f52ad6cf33e89d53fbf3c45347567a24226c65e3 (patch) | |
tree | a8a535b03901ba795d4b623a8012b5c7afea8856 /actionpack/test/controller/redirect_test.rb | |
parent | bd3e1ed23ce201dd63bd4ba2cfbfa254f4d36645 (diff) | |
Merge pull request #5456 from brianmario/redirect-sanitization
Strip null bytes from Location header
Diffstat (limited to 'actionpack/test/controller/redirect_test.rb')
-rw-r--r-- | actionpack/test/controller/redirect_test.rb | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/actionpack/test/controller/redirect_test.rb b/actionpack/test/controller/redirect_test.rb index 5b739e49ac..a184e355ad 100644 --- a/actionpack/test/controller/redirect_test.rb +++ b/actionpack/test/controller/redirect_test.rb @@ -103,6 +103,14 @@ class RedirectController < ActionController::Base redirect_to proc { {:action => "hello_world"} } end + def redirect_with_header_break + redirect_to "/lol\r\nwat" + end + + def redirect_with_null_bytes + redirect_to "\000/lol\r\nwat" + end + def rescue_errors(e) raise e end def rescue_action(e) raise end @@ -122,6 +130,18 @@ class RedirectTest < ActionController::TestCase assert_equal "http://test.host/redirect/hello_world", redirect_to_url end + def test_redirect_with_header_break + get :redirect_with_header_break + assert_response :redirect + assert_equal "http://test.host/lolwat", redirect_to_url + end + + def test_redirect_with_null_bytes + get :redirect_with_header_break + assert_response :redirect + assert_equal "http://test.host/lolwat", redirect_to_url + end + def test_redirect_with_no_status get :simple_redirect assert_response 302 |
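Review bot: The two new fixture actions in the first hunk only ever present the line break as the pair `\r\n`, and `redirect_with_null_bytes` mixes `\000` with that same pair, so a sanitizer that removed the CRLF sequence but let a lone `\r` or `\n` through to the Location header would still satisfy these tests. Sibling actions such as `redirect_to "/lol\nwat"` and `redirect_to "/lol\rwat"` would pin each character separately; whether the implementation already strips them individually cannot be seen from this file. A short comment above the pair, e.g. `# Inputs carrying header-breaking bytes; none may reach the Location header`, would also tell maintainers why these odd strings exist. RedirectController starts and ends outside the hunk.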
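Review bot: `test_redirect_with_null_bytes` in the second hunk requests the wrong action: it calls `get :redirect_with_header_break`, so the `redirect_with_null_bytes` action and its `\000` input are never exercised and the test merely repeats the one above it. The line should read `get :redirect_with_null_bytes`; the expected `http://test.host/lolwat` presumably stays the same if both the null byte and the CRLF are removed, though the stripping code is not part of this file's diff. As written, a regression in null-byte stripping for the Location header would pass this suite unnoticed. RedirectTest starts and ends outside the hunk.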