
Merge pull request #5456 from brianmario/redirect-sanitization

Strip null bytes from Location header
1 parent cfab216 commit 47147a0555e26275342af8478b695ad2353fd46a @tenderlove tenderlove committed Mar 15, 2012
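--- a/actionpack/lib/action_controller/metal/redirecting.rb
+++ b/actionpack/lib/action_controller/metal/redirecting.rb
@@ -92,7 +92,7 @@ def _compute_redirect_to_location(options)
 _compute_redirect_to_location options.call
 else
 url_for(options)
-end.gsub(/[\r\n]/, '')
+end.gsub(/[\0\r\n]/, '')
 end
 end
 end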
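Review bot: The added NUL strip on the `end.gsub(/[\0\r\n]/, '')` line carries no comment explaining why those three bytes are removed, and the identical pattern is duplicated in the actionpack/lib/action_dispatch/testing/assertions/response.rb section, so a maintainer touching one has nothing telling them to keep the other in sync. I would add above the gsub in both places `# Strip NUL, CR and LF so a crafted redirect target cannot inject extra response headers or truncate the Location value`. Note that the bytes are removed rather than rejected, so a target like "/lol\r\nwat" becomes "/lolwat" and the caller cannot distinguish that from a clean redirect; the comment should say this is deliberate. `_compute_redirect_to_location` begins outside the hunk.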
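--- a/actionpack/lib/action_dispatch/testing/assertions/response.rb
+++ b/actionpack/lib/action_dispatch/testing/assertions/response.rb
@@ -85,7 +85,7 @@ def normalize_argument_to_redirection(fragment)
 refer
 else
 @controller.url_for(fragment)
-end.gsub(/[\r\n]/, '')
+end.gsub(/[\0\r\n]/, '')
 end
 def validate_request!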
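--- a/actionpack/test/controller/redirect_test.rb
+++ b/actionpack/test/controller/redirect_test.rb
@@ -94,6 +94,14 @@ def redirect_to_with_block_and_options
 redirect_to proc { {:action => "hello_world"} }
 end
+def redirect_with_header_break
+redirect_to "/lol\r\nwat"
+end
+
+def redirect_with_null_bytes
+redirect_to "\000/lol\r\nwat"
+end
+
 def rescue_errors(e) raise e end
 def rescue_action(e) raise end
@@ -113,6 +121,18 @@ def test_simple_redirect
 assert_equal "http://test.host/redirect/hello_world", redirect_to_url
 end
+def test_redirect_with_header_break
+get :redirect_with_header_break
+assert_response :redirect
+assert_equal "http://test.host/lolwat", redirect_to_url
+end
+
+def test_redirect_with_null_bytes
+get :redirect_with_header_break
+assert_response :redirect
+assert_equal "http://test.host/lolwat", redirect_to_url
+end
+
 def test_redirect_with_no_status
 get :simple_redirect
 assert_response 302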
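Review bot: `test_redirect_with_null_bytes` in the second hunk never exercises the null-byte path: its `get :redirect_with_header_break` line is a copy of the preceding test, so the `redirect_with_null_bytes` action added in the first hunk is defined but never requested and the `\0` half of the new regex has no test coverage. Change that line to `get :redirect_with_null_bytes`. The existing `assert_equal "http://test.host/lolwat", redirect_to_url` then also verifies that the leading NUL in "\000/lol\r\nwat" was stripped.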

