author | Overbryd <l.rieder@gmail.com> | 2011-12-05 11:14:21 +0100 |
---|---|---|
committer | Overbryd <l.rieder@gmail.com> | 2011-12-05 11:19:48 +0100 |
commit | e31c4ace97638d186aae389dd2cbe3b5786beb57 (patch) | |
tree | 53dc3974e031bb77f5e5bb05f84a82e0acd16478 /actionpack | |
parent | cf6ccf0ebd632ae5a8d4fc3b30ba47eff9837eef (diff) | |
Fix redirect_to to respect URLs with a network-path reference such as "//asset.host.com/resources/1235" (see issue #3856)
Diffstat (limited to 'actionpack')
-rw-r--r-- | actionpack/lib/action_controller/metal/redirecting.rb | 4 | ||||
-rw-r--r-- | actionpack/test/controller/redirect_test.rb | 10 |
2 files changed, 12 insertions, 2 deletions
diff --git a/actionpack/lib/action_controller/metal/redirecting.rb b/actionpack/lib/action_controller/metal/redirecting.rb
index 0355c9f458..7d14b175cc 100644
--- a/actionpack/lib/action_controller/metal/redirecting.rb
+++ b/actionpack/lib/action_controller/metal/redirecting.rb
@@ -18,7 +18,7 @@ module ActionController
 #
 # * <tt>Hash</tt> - The URL will be generated by calling url_for with the +options+.
 # * <tt>Record</tt> - The URL will be generated by calling url_for with the +options+, which will reference a named URL for that record.
- # * <tt>String</tt> starting with <tt>protocol://</tt> (like <tt>http://</tt>) - Is passed straight through as the target for redirection.
+ # * <tt>String</tt> starting with <tt>protocol://</tt> (like <tt>http://</tt>) or a protocol relative reference (like <tt>//</tt>) - Is passed straight through as the target for redirection.
 # * <tt>String</tt> not containing a protocol - The current protocol and host is prepended to the string.
 # * <tt>Proc</tt> - A block that will be executed in the controller's context. Should return any option accepted by +redirect_to+.
 # * <tt>:back</tt> - Back to the page that issued the request. Useful for forms that are triggered from multiple places.
@@ -81,7 +81,7 @@ module ActionController
 # The scheme name consist of a letter followed by any combination of
 # letters, digits, and the plus ("+"), period ("."), or hyphen ("-")
 # characters; and is terminated by a colon (":").
- when %r{^\w[\w+.-]*:.*}
+ when %r{^(\w[\w+.-]*:|\/\/).*}
 options
 when String
 request.protocol + request.host_with_port + options
diff --git a/actionpack/test/controller/redirect_test.rb b/actionpack/test/controller/redirect_test.rb
index 79041055bd..5b739e49ac 100644
--- a/actionpack/test/controller/redirect_test.rb
+++ b/actionpack/test/controller/redirect_test.rb
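Review bot: The updated `String` bullet says a `//` reference is passed straight through, but it does not say that this sends the browser to a different host, which changes the outcome for callers that forward a request-supplied path to `redirect_to`. Judging by the `when String` branch in the second hunk of this file, a value beginning with `//` previously had `request.protocol + request.host_with_port` prepended and so stayed on the current host. I would extend the bullet with a sentence such as `# A string starting with <tt>//</tt> names another host; validate request-supplied values first, and when checking for a local path reject a leading <tt>//</tt> as well as a scheme.` The doc comment block starts and ends outside the hunk.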
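Review bot: The pattern on the new `when %r{^(\w[\w+.-]*:|\/\/).*}` line is anchored with `^`, which in Ruby matches at the start of any line rather than the start of the string, so a multi-line value whose first line is neither a scheme nor `//` can still take the pass-through branch. Anchoring at the string start closes that gap: `when %r{\A(\w[\w+.-]*:|//).*}` (the `/` needs no escaping inside `%r{}`). The `^` is carried over from the removed line, but since this commit widens what the branch accepts it is worth tightening here. Separately, `\w` also admits a digit or underscore as the first character, which is looser than the "a letter followed by" wording in the comment above it. The enclosing `case` starts and ends outside the hunk.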
@@ -70,6 +70,10 @@ class RedirectController < ActionController::Base
 redirect_to "x-test+scheme.complex:redirect"
 end
+ def redirect_to_url_with_network_path_reference
+ redirect_to "//www.rubyonrails.org/"
+ end
+
 def redirect_to_back
 redirect_to :back
 end
@@ -216,6 +220,12 @@ class RedirectTest < ActionController::TestCase
 assert_equal "x-test+scheme.complex:redirect", redirect_to_url
 end
+ def test_redirect_to_url_with_network_path_reference
+ get :redirect_to_url_with_network_path_reference
+ assert_response :redirect
+ assert_equal "//www.rubyonrails.org/", redirect_to_url
+ end
+
 def test_redirect_to_back
 @request.env["HTTP_REFERER"] = "http://www.example.com/coming/from"
 get :redirect_to_back |
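Review bot: `test_redirect_to_url_with_network_path_reference` pins only the accepted case, so nothing here guards the boundary between the pass-through branch and the host-prefixing branch that the regex change moved. I would add negative cases next to it: one asserting that a value with a single leading slash still yields a URL on the test request's host, and one asserting that a value where `//` appears only at the start of a later line is not passed through unchanged. Each needs a matching action in `RedirectController`, like the one added in the first hunk of this file. Whether an existing test already covers the single-slash case is not visible from these hunks.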