Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Sanitize the URLs passed to redirect_to to prevent a potential respon…

…se spli

CGI.rb and mongrel don't do any sanitization of the contents of HTTP headers
  • Loading branch information...
commit 7282ed863ca7e6f928bae9162c9a63a98775a19d 1 parent e857799
@NZKoz NZKoz authored
Showing with 2 additions and 2 deletions.
  1. +2 −2 actionpack/lib/action_controller/response.rb
View
4 actionpack/lib/action_controller/response.rb
@@ -30,9 +30,9 @@ def charset
def redirect(to_url, response_status)
self.headers["Status"] = response_status
- self.headers["Location"] = to_url
+ self.headers["Location"] = to_url.gsub(/[\r\n]/, '')
- self.body = "<html><body>You are being <a href=\"#{to_url}\">redirected</a>.</body></html>"
+ self.body = "<html><body>You are being <a href=\"#{CGI.escapeHTML(to_url)}\">redirected</a>.</body></html>"
end
def prepare!
Please sign in to comment.
Something went wrong with that request. Please try again.