Sanitize the URLs passed to redirect_to to prevent a potential respon…

…se spli CGI.rb and mongrel don't do any sanitization of the contents of HTTP headers
rails · Oct 14, 2008 · 7282ed8 · 7282ed8
1 parent e857799
commit 7282ed8
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/actionpack/lib/action_controller/response.rb b/actionpack/lib/action_controller/response.rb
@@ -30,9 +30,9 @@ def charset
 
     def redirect(to_url, response_status)
       self.headers["Status"] = response_status
-      self.headers["Location"] = to_url
+      self.headers["Location"] = to_url.gsub(/[\r\n]/, '')
 
-      self.body = "<html><body>You are being <a href=\"#{to_url}\">redirected</a>.</body></html>"
+      self.body = "<html><body>You are being <a href=\"#{CGI.escapeHTML(to_url)}\">redirected</a>.</body></html>"
     end
 
     def prepare!