Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Sanitize the URLs passed to redirect_to to prevent a potential respon…
…se spli

CGI.rb and mongrel don't do any sanitization of the contents of HTTP headers
  • Loading branch information
NZKoz committed Oct 19, 2008
1 parent 4a256d7 commit 9f9a6c4
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions actionpack/lib/action_controller/response.rb
Expand Up @@ -30,9 +30,9 @@ def charset

def redirect(to_url, response_status)
self.headers["Status"] = response_status
self.headers["Location"] = to_url
self.headers["Location"] = to_url.gsub(/[\r\n]/, '')

self.body = "<html><body>You are being <a href=\"#{to_url}\">redirected</a>.</body></html>"
self.body = "<html><body>You are being <a href=\"#{CGI.escapeHTML(to_url)}\">redirected</a>.</body></html>"
end

def prepare!
Expand Down

0 comments on commit 9f9a6c4

Please sign in to comment.