aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_controller
diff options
context:
space:
mode:
Diffstat (limited to 'actionpack/lib/action_controller')
-rw-r--r--actionpack/lib/action_controller/response.rb4
1 files changed, 2 insertions, 2 deletions
diff --git a/actionpack/lib/action_controller/response.rb b/actionpack/lib/action_controller/response.rb
index 54a99996ef..b440065482 100644
--- a/actionpack/lib/action_controller/response.rb
+++ b/actionpack/lib/action_controller/response.rb
@@ -114,8 +114,8 @@ module ActionController # :nodoc:
def redirect(url, status)
self.status = status
- self.location = url
- self.body = "<html><body>You are being <a href=\"#{url}\">redirected</a>.</body></html>"
+ self.location = url.gsub(/[\r\n]/, '')
+ self.body = "<html><body>You are being <a href=\"#{CGI.escapeHTML(url)}\">redirected</a>.</body></html>"
end
def sending_file?
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-29 14:23:58 +0000