get_redirection_information raises SecurityError if the redirection information cannot be decrypted.
commit 463734115964e243ede37a2ab7c8390489ba008c 1 parent 0d65ee9
Hongli Lai authored
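--- a/lib/auto_redirection/controller_extensions.rb
+++ b/lib/auto_redirection/controller_extensions.rb
@@ -135,6 +135,8 @@ def auto_redirect(options = {})
 private
 # Retrieve the redirection information that has been passed to the current
 # controller action. Returns nil if no redirection information has been passed.
+ #
+ # Raises SecurityError if the redirection information cannot be decrypted.
 def get_redirection_information
 if !@_redirection_information_given
 if params.has_key?(:_redirection_information)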
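--- a/lib/auto_redirection/redirection_information.rb
+++ b/lib/auto_redirection/redirection_information.rb
@@ -25,8 +25,14 @@ module AutoRedirection
 class RedirectionInformation
 def self.load(data, encrypted = true, ascii7 = true)
+ if data.nil?
+ raise ArgumentError, "The 'data' argument must be a String."
+ end
 if encrypted
 data = Encryption.decrypt(data, ascii7)
+ if data.nil?
+ raise SecurityError, "The redirection information cannot be decrypted."
+ end
 end
 info = Marshal.load(data)
 if info[:url]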
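Review bot: The two new nil checks are the only validation between the request parameter and `Marshal.load(data)`, so safety here rests on `Encryption.decrypt` returning nil for every altered input, and that method is not visible in this section. If decrypt is not authenticated (a MAC or an AEAD mode), a modified value that still decrypts is handed to `Marshal.load`, which can instantiate arbitrary objects; with `encrypted = false` the input is unmarshalled with no check at all. Separately, the first guard rejects only nil although its message says a String is required, and a Rails parameter can also arrive as an Array or Hash; `raise ArgumentError, "The 'data' argument must be a String." unless data.is_a?(String)` would match the message. The body of `load` continues past the end of this hunk.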
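--- a/test/simple_redirections_test.rb
+++ b/test/simple_redirections_test.rb
@@ -40,6 +40,15 @@ def action_save_redirection_information
 def action_pass_redirection_information
 render :inline => '<%= pass_redirection_information %>'
 end
+
+ def action_get_redirection_information
+ begin
+ get_redirection_information
+ render :text => 'ok'
+ rescue => e
+ render :text => e.class.to_s
+ end
+ end
 end
 class UsersController < ActionController::Base
@@ -178,4 +187,9 @@ class SimpleRedirectionTest < ActionController::TestCase
 assert !@controller.send(:match_exclusion_list, info, '/users')
 end
+
+ test "get_redirection_information raises SecurityError if the redirection information cannot be decrypted" do
+ get(:action_get_redirection_information, { :_redirection_information => "foo" })
+ assert_equal 'SecurityError', @response.body
+ end
 end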
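Review bot: The bare `rescue => e` in `action_get_redirection_information` catches only StandardError, and on Ruby 1.9 and later SecurityError descends directly from Exception, so there the error would escape the action and the test would error out instead of reaching `assert_equal`. Naming the class, `rescue SecurityError => e`, keeps the test valid on both interpreter lines. The same holds for application code that relies on this contract: a generic rescue will not see the failure, so callers have to rescue SecurityError explicitly. A second case that submits a validly produced value with a byte changed, rather than the short string "foo", would show that altered input is rejected as well as malformed input.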