From e23b3149458b22cf07382d6aeb2264585e28a339 Mon Sep 17 00:00:00 2001
From: Arthur Neves <arthurnn@gmail.com>
Date: Tue, 16 Jun 2015 21:03:39 +0200
Subject: Catch InvalidURIError on bad paths on redirect.

Handle URI::InvalidURIError errors on the redirect route method, so it
wont raise a 500 if a bad path is given.
---
 actionpack/lib/action_dispatch/routing/redirection.rb | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

(limited to 'actionpack/lib/action_dispatch/routing')

diff --git a/actionpack/lib/action_dispatch/routing/redirection.rb b/actionpack/lib/action_dispatch/routing/redirection.rb
index 3c1c4fadf6..8d965a5f8e 100644
--- a/actionpack/lib/action_dispatch/routing/redirection.rb
+++ b/actionpack/lib/action_dispatch/routing/redirection.rb
@@ -23,8 +23,12 @@ module ActionDispatch
 
       def serve(req)
         req.check_path_parameters!
-        uri = URI.parse(path(req.path_parameters, req))
-        
+        begin
+          uri = URI.parse(path(req.path_parameters, req))
+        rescue URI::InvalidURIError
+          return [ 400, {}, ['Invalid path.'] ]
+        end
+
         unless uri.host
           if relative_path?(uri.path)
             uri.path = "#{req.script_name}/#{uri.path}"
@@ -32,7 +36,7 @@ module ActionDispatch
             uri.path = req.script_name.empty? ? "/" : req.script_name
           end
         end
-          
+
         uri.scheme ||= req.scheme
         uri.host   ||= req.host
         uri.port   ||= req.port unless req.standard_port?
@@ -124,7 +128,7 @@ module ActionDispatch
             url_options[:script_name] = request.script_name
           end
         end
-        
+
         ActionDispatch::Http::URL.url_for url_options
       end
 
-- 
cgit v1.2.3