From a78c10d3c787c56106353eb025ebb93ffcdb7bac Mon Sep 17 00:00:00 2001
From: Derek Prior <derekprior@gmail.com>
Date: Thu, 19 Sep 2013 09:17:15 -0400
Subject: Fix regex used to find URI schemes in redirect_to

The previous regex was allowing `_` in the URI scheme, which is not
allowed by RFC 3986. This change brings the regex in line with the RFC.
---
 actionpack/lib/action_controller/metal/redirecting.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'actionpack/lib/action_controller/metal')

diff --git a/actionpack/lib/action_controller/metal/redirecting.rb b/actionpack/lib/action_controller/metal/redirecting.rb
index f07b19c5da..ab14a61b97 100644
--- a/actionpack/lib/action_controller/metal/redirecting.rb
+++ b/actionpack/lib/action_controller/metal/redirecting.rb
@@ -78,7 +78,7 @@ module ActionController
       # characters; and is terminated by a colon (":").
       # See http://tools.ietf.org/html/rfc3986#section-3.1
       # The protocol relative scheme starts with a double slash "//".
-      when %r{\A(\w[\w+.-]*:|//).*}
+      when /\A([a-z][a-z\d\-+\.]*:|\/\/).*/i
         options
       when String
         request.protocol + request.host_with_port + options
-- 
cgit v1.2.3