Sanitize the URLs passed to redirect_to to prevent a potential response splitting attack.

CGI.rb and mongrel don't do any sanitization of the contents of HTTP headers, so care needs to be taken.
commit ba80ff74a9627f676b4c426587ce5ea487665e46 1 parent de0ed53
@NZKoz NZKoz authored
Showing with 2 additions and 2 deletions.
  1. +2 −2 actionpack/lib/action_controller/response.rb
4 actionpack/lib/action_controller/response.rb
@@ -114,8 +114,8 @@ def etag=(etag)
def redirect(url, status)
self.status = status
- self.location = url
- self.body = "<html><body>You are being <a href=\"#{url}\">redirected</a>.</body></html>"
+ self.location = url.gsub(/[\r\n]/, '')
+ self.body = "<html><body>You are being <a href=\"#{CGI.escapeHTML(url)}\">redirected</a>.</body></html>"
end
def sending_file?
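Review bot: the sanitized URL is computed only for `self.location`, while the body interpolates the original `url`, so the Location header and the link in the body can disagree whenever CR/LF was stripped; assign the cleaned value once (e.g. `url = url.gsub(/[\r\n]/, '')` at the top of `redirect`) and use it in both lines. Silently stripping the characters also turns a malformed or hostile redirect target into a different, accepted URL rather than rejecting it; consider raising or at least logging when `url =~ /[\r\n]/` so the condition is visible to operators. Finally, `CGI.escapeHTML` is introduced here but the hunk shows no `require 'cgi'`; if response.rb does not already load it elsewhere, add the require alongside this change.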