author | Derek Prior <derekprior@gmail.com> | 2013-09-19 09:17:15 -0400 |
---|---|---|
committer | Derek Prior <derekprior@gmail.com> | 2013-09-19 09:23:20 -0400 |
commit | a78c10d3c787c56106353eb025ebb93ffcdb7bac | |
tree | 2b69e77ffe8091859cb81d4448f7f22d86fcd7df /actionpack | |
parent | 1dacfbabf3bb1e0a9057dd2a016b1804e7fa38c0 | |

Fix regex used to find URI schemes in redirect_to

The previous regex was allowing `_` in the URI scheme, which is not
allowed by RFC 3986. This change brings the regex in line with the RFC.

Diffstat (limited to 'actionpack')
-rw-r--r-- | actionpack/CHANGELOG.md | 5 |
-rw-r--r-- | actionpack/lib/action_controller/metal/redirecting.rb | 2 |
2 files changed, 6 insertions, 1 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md index a7ad07afd9..b0b75f6909 100644 --- a/actionpack/CHANGELOG.md +++ b/actionpack/CHANGELOG.md @@ -1,3 +1,8 @@ +* Fix regex used to detect URI schemes in `redirect_to` to be consistent with + RFC 3986. + + *Derek Prior* + * Fix incorrect `assert_redirected_to` failure message for protocol-relative URLs. diff --git a/actionpack/lib/action_controller/metal/redirecting.rb b/actionpack/lib/action_controller/metal/redirecting.rb index f07b19c5da..ab14a61b97 100644 --- a/actionpack/lib/action_controller/metal/redirecting.rb +++ b/actionpack/lib/action_controller/metal/redirecting.rb @@ -78,7 +78,7 @@ module ActionController # characters; and is terminated by a colon (":"). # See http://tools.ietf.org/html/rfc3986#section-3.1 # The protocol relative scheme starts with a double slash "//". - when %r{\A(\w[\w+.-]*:|//).*} + when /\A([a-z][a-z\d\-+\.]*:|\/\/).*/i options when String request.protocol + request.host_with_port + options |
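
Review bot: The new CHANGELOG.md entry says the regex is now "consistent with RFC 3986" but does not say what changes for callers. Spell out that a string passed to `redirect_to` whose scheme part contains `_` is no longer treated as a full URL and instead gets the request protocol and host prepended, so that readers upgrading can tell whether they are affected.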
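
Review bot: The changed `when` line in redirecting.rb arrives without a test; the diffstat lists only CHANGELOG.md and redirecting.rb. Add a redirect test asserting that a string such as `my_scheme:foo` (constructed value) is no longer returned as-is and instead reaches the `when String` branch, plus one with an uppercase scheme to pin the new `/i` flag. On style, switching from `%r{...}` to `/.../` is what forces the `\/\/` escapes, and `\.` and `\-` need no escaping inside the character class when the hyphen is placed last; `%r{\A([a-z][a-z\d+.-]*:|//)}i` matches the same strings and is easier to check against the RFC grammar quoted in the comment above it. The trailing `.*` adds nothing to a `when` match and can be dropped.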