Defect #41930 » 41930-v2.patch
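--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -511,11 +511,9 @@
 if uri.send(component).present? && uri.send(component) != request.send(component)
 return false
 end
-
-uri.send(:"#{component}=", nil)
 end
-# Always ignore basic user:password in the URL
-uri.userinfo = nil
+# Remove unnecessary components to convert the URL into a relative URL
+uri.omit!(:scheme, :userinfo, :host, :port)
 rescue Addressable::URI::InvalidURIError
 return false
 end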
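Review bot: The replacement comment above `uri.omit!(:scheme, :userinfo, :host, :port)` loses the rationale the old comment carried: `:userinfo` is removed without ever being compared with the request, while the other components are removed only after the loop has accepted them. Because the loop no longer clears anything itself, the `omit!` call has to stay after it and inside the `begin` that this `rescue` belongs to (the `begin` and the component list are outside the section). I would word the comment as `# Components were checked against the request above; userinfo is never checked and is always dropped, so the result is a host-relative URL`. Omitting the authority does not by itself make a path that begins with `//` safe to redirect to, so whatever follows the `rescue` should still reject it; that code is not visible here.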
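--- a/test/functional/account_controller_test.rb
+++ b/test/functional/account_controller_test.rb
@@ -658,4 +658,22 @@
 end
 end
 end
+
+def test_validate_back_url
+request.host = 'example.com'
+
+assert_equal '/admin', @controller.send(:validate_back_url, 'http://example.com/admin')
+assert_equal '/admin', @controller.send(:validate_back_url, 'http://dlopper:foo@example.com/admin')
+assert_equal '/issues?query_id=1#top', @controller.send(:validate_back_url, 'http://example.com/issues?query_id=1#top')
+assert_equal false, @controller.send(:validate_back_url, 'http://invalid.example.com/issues')
+end
+
+def test_validate_back_url_with_port
+request.host = 'example.com:3000'
+
+assert_equal '/admin', @controller.send(:validate_back_url, 'http://example.com:3000/admin')
+assert_equal '/admin', @controller.send(:validate_back_url, 'http://dlopper:foo@example.com:3000/admin')
+assert_equal '/issues?query_id=1#top', @controller.send(:validate_back_url, 'http://example.com:3000/issues?query_id=1#top')
+assert_equal false, @controller.send(:validate_back_url, 'http://invalid.example.com:3000/issues')
+end
 end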
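Review bot: Neither new test rejects a URL because of its port or scheme: the only failing case in each, `'http://invalid.example.com/issues'` and `'http://invalid.example.com:3000/issues'`, differs from the request by host, so the port comparison is never the reason for `false`. In `test_validate_back_url_with_port` I would add `assert_equal false, @controller.send(:validate_back_url, 'http://example.com:3001/issues')`, assuming `:port` is among the components the controller compares (that list is not in the visible lines). A case whose path begins with `//` after the host would also pin down that stripping the authority never yields a scheme-relative redirect target; the expected value there depends on code outside this page.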