1 files changed, 32 insertions, 4 deletions

diff --git a/actionpack/test/controller/redirect_test.rb b/actionpack/test/controller/redirect_test.rb
index 79041055bd..4331333b98 100644
--- a/actionpack/test/controller/redirect_test.rb
+++ b/actionpack/test/controller/redirect_test.rb
@@ -70,6 +70,10 @@ class RedirectController < ActionController::Base
     redirect_to "x-test+scheme.complex:redirect"
   end
 
+  def redirect_to_url_with_network_path_reference
+    redirect_to "//www.rubyonrails.org/"
+  end
+
   def redirect_to_back
     redirect_to :back
   end
@@ -99,9 +103,15 @@ class RedirectController < ActionController::Base
     redirect_to proc { {:action => "hello_world"} }
   end
 
-  def rescue_errors(e) raise e end
+  def redirect_with_header_break
+    redirect_to "/lol\r\nwat"
+  end
 
-  def rescue_action(e) raise end
+  def redirect_with_null_bytes
+    redirect_to "\000/lol\r\nwat"
+  end
+
+  def rescue_errors(e) raise e end
 
   protected
     def dashbord_url(id, message)
@@ -118,6 +128,18 @@ class RedirectTest < ActionController::TestCase
     assert_equal "http://test.host/redirect/hello_world", redirect_to_url
   end
 
+  def test_redirect_with_header_break
+    get :redirect_with_header_break
+    assert_response :redirect
+    assert_equal "http://test.host/lolwat", redirect_to_url
+  end
+
+  def test_redirect_with_null_bytes
+    get :redirect_with_null_bytes
+    assert_response :redirect
+    assert_equal "http://test.host/lolwat", redirect_to_url
+  end
+
   def test_redirect_with_no_status
     get :simple_redirect
     assert_response 302
@@ -216,6 +238,12 @@ class RedirectTest < ActionController::TestCase
     assert_equal "x-test+scheme.complex:redirect", redirect_to_url
   end
 
+  def test_redirect_to_url_with_network_path_reference
+    get :redirect_to_url_with_network_path_reference
+    assert_response :redirect
+    assert_equal "//www.rubyonrails.org/", redirect_to_url
+  end
+
   def test_redirect_to_back
     @request.env["HTTP_REFERER"] = "http://www.example.com/coming/from"
     get :redirect_to_back
@@ -234,7 +262,7 @@ class RedirectTest < ActionController::TestCase
     with_routing do |set|
       set.draw do
         resources :workshops
-        match ':controller/:action'
+        get ':controller/:action'
       end
 
       get :redirect_to_existing_record
@@ -268,7 +296,7 @@ class RedirectTest < ActionController::TestCase
   def test_redirect_to_with_block_and_accepted_options
     with_routing do |set|
       set.draw do
-        match ':controller/:action'
+        get ':controller/:action'
       end
 
       get :redirect_to_with_block_and_options