Permalink
Browse files

Fix regex used to find URI schemes in redirect_to

The previous regex was allowing `_` in the URI scheme, which is not
allowed by RFC 3986. This change brings the regex in line with the RFC.
  • Loading branch information...
derekprior committed Sep 19, 2013
1 parent 1dacfba commit a78c10d3c787c56106353eb025ebb93ffcdb7bac
Showing with 6 additions and 1 deletion.
  1. +5 −0 actionpack/CHANGELOG.md
  2. +1 −1 actionpack/lib/action_controller/metal/redirecting.rb
View
@@ -1,3 +1,8 @@
+* Fix regex used to detect URI schemes in `redirect_to` to be consistent with
+ RFC 3986.
+
+ *Derek Prior*
+
* Fix incorrect `assert_redirected_to` failure message for protocol-relative
URLs.
@@ -78,7 +78,7 @@ def _compute_redirect_to_location(options) #:nodoc:
# characters; and is terminated by a colon (":").
# See http://tools.ietf.org/html/rfc3986#section-3.1
# The protocol relative scheme starts with a double slash "//".
- when %r{\A(\w[\w+.-]*:|//).*}
+ when /\A([a-z][a-z\d\-+\.]*:|\/\/).*/i
options
when String
request.protocol + request.host_with_port + options

0 comments on commit a78c10d

Please sign in to comment.