Merge branch 'open_uri'

* open_uri:
  [OpenURI] Reworked support for http to https redirects.
  [OpenURI] Support for unsafe redirects.
commit d2dd1f935463b369c22af2b23c791b86a9fe008f 2 parents 068d803 + 314f271
Fabio Pelosin fabiopelosin authored
1  CHANGELOG.md
@@ -10,6 +10,7 @@
###### Bug fixes
- The final project isn’t affected anymore by the `inhibit_all_warnings!` option.
+- Support for redirects while using podspec from an url. [#462](https://github.com/CocoaPods/CocoaPods/issues/462)
## 0.12.0
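Review bot: the added bug-fix entry says only "Support for redirects", which is broader than what the code change does. Wording it as support for http to https redirects when loading a podspec from a URL (and "a URL" rather than "an url") would tell users exactly which redirects now work.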
2  lib/cocoapods/dependency.rb
@@ -1,4 +1,4 @@
-require 'open-uri'
+require 'cocoapods/open_uri'
module Pod
class Dependency < Gem::Dependency
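Review bot: the new `require 'cocoapods/open_uri'` on the first line is loaded for a side effect that is not visible here. That file reopens `OpenURI` and replaces `redirectable?` for the whole process, so every `open-uri` caller gets the relaxed redirect rule, not only the podspec fetch in `Dependency`. A one-line comment at the require saying so (and that it still pulls in `open-uri`) would keep a later cleanup from reverting it to the plain stdlib require.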
2  lib/cocoapods/executable.rb
@@ -40,7 +40,7 @@ def executable(name)
if should_raise
raise Informative, "#{name} #{command}\n\n#{output}"
else
- puts (Config.instance.verbose? ? ' ' : '') << "[!] Failed: #{full_command}".red unless Config.instance.silent?
+ puts((Config.instance.verbose? ? ' ' : '') << "[!] Failed: #{full_command}".red) unless Config.instance.silent?
end
end
output
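Review bot: the changed `puts(...)` line still builds the message by appending to a string literal with `<<` inside the call, followed by a trailing `unless`, which is hard to read. Assigning the indent to a local first (`indent = Config.instance.verbose? ? ' ' : ''`) and interpolating it into the message would be clearer and would not depend on how the parentheses after `puts` are parsed.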
22 lib/cocoapods/open_uri.rb
@@ -0,0 +1,22 @@
+require 'open-uri'
+
+# Inspiration from: https://gist.github.com/1271420
+#
+# Allow open-uri to follow http to https redirects.
+# Relevant issue:
+# http://redmine.ruby-lang.org/issues/3719
+# Source here:
+# https://github.com/ruby/ruby/blob/trunk/lib/open-uri.rb
+
+module OpenURI
+ def OpenURI.redirectable?(uri1, uri2) # :nodoc:
+ # This test is intended to forbid a redirection from http://... to
+ # file:///etc/passwd, file:///dev/zero, etc. CVE-2011-1521
+ # https to http redirect is also forbidden intentionally.
+ # It avoids sending secure cookie or referer by non-secure HTTP protocol.
+ # (RFC 2109 4.3.1, RFC 2965 3.3, RFC 2616 15.1.3)
+ # However this is ad hoc. It should be extensible/configurable.
+ uri1.scheme.downcase == uri2.scheme.downcase ||
+ (/\A(?:http|ftp)\z/i =~ uri1.scheme && /\A(?:https?|ftp)\z/i =~ uri2.scheme)
+ end
+end
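Review bot: the second clause of `redirectable?` allows more than the "http to https" named in the header comment. With `uri1` matching `http|ftp` and `uri2` matching `https?|ftp`, cross-scheme redirects from http to ftp and from ftp to http or https are accepted as well, while https to http stays refused as the inline comment says. Either list the full set of allowed transitions in the comment or narrow the expression to the http to https case. Because this replaces a `:nodoc:` method of the stdlib module for every `open-uri` user in the process, a spec that pins the allowed and refused scheme pairs would also help, so that a change in Ruby's own `open-uri.rb` is noticed.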