Permalink
Browse files

Issue #5688:

* Fixed modulo based redirect to fail with a RoutingError rather than an InvalidURIError if the generated redirect URI is invalid because of a bad incoming URI
* Changed intgration test helper to not blow up on invalid URIs so that tests for invalid URIs can be written
* Still have a failing test because we still use URI.parse further down the testing stack in rack-test inadvertently validating the incoming URI for correctness
  • Loading branch information...
1 parent 0244c0d commit 95aad8f0da3cb940cff9ade4053e96fd14af0627 @kaiwren kaiwren committed Apr 1, 2012
@@ -93,13 +93,20 @@ def redirect(*args, &block)
path = args.shift
block = lambda { |params, request|
- (params.empty? || !path.match(/%\{\w*\}/)) ? path : (path % params)
+ (params.empty? || !path.match(/%\{\w*\}/)) ? path : verify_generated_url(path % params)
} if String === path
block = path if path.respond_to? :call
raise ArgumentError, "redirection argument not supported" unless block
Redirect.new status, block
end
+
+ private
+ def verify_generated_url(url)
+ url if URI.parse(url)
+ rescue URI::InvalidURIError => e
+ raise ActionController::RoutingError, e.message
+ end
end
end
end
@@ -301,9 +301,12 @@ def process(method, path, parameters = nil, rack_env = nil)
uri.scheme ||= env['rack.url_scheme']
uri.host ||= env['SERVER_NAME']
uri.port ||= env['SERVER_PORT'].try(:to_i)
- uri += path
-
- session.request(uri.to_s, env)
+ begin
+ uri += path
+ session.request(uri.to_s, env)
+ rescue URI::InvalidURIError => e
+ session.request(uri.to_s + path, env)
+ end
@request_count += 1
@request = ActionDispatch::Request.new(session.last_request.env)
@@ -677,6 +677,13 @@ def test_redirect_modulo
get '/account/modulo/name'
verify_redirect 'http://www.example.com/names'
end
+
+ def test_redirect_modulo_with_invalid_redirect_uri_generated
+ get '/account/modulo/name>'
+ assert_equal 'Not Found', @response.body
+ assert_raises(ActionController::RoutingError){ "" }
+ assert_equal 404, status
+ end
def test_redirect_proc
get '/account/proc/person'

0 comments on commit 95aad8f

Please sign in to comment.