Merge pull request #67 from tilthouse/uri-parsing

URI encode before passing to URI object to deal with pathological URIs
tobmatth · Mar 17, 2014 · 1ef4515 · 1ef4515 · oveddan · Jul 17, 2014
2 parents 2c9daa7 + c39a72b
commit 1ef4515
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/lib/rack/ssl-enforcer.rb b/lib/rack/ssl-enforcer.rb
@@ -109,7 +109,7 @@ def ssl_request?
 
     def destination_host
       if @options[:redirect_to]
-        host_parts = URI.split(@options[:redirect_to])
+        host_parts = URI.split(URI.encode(@options[:redirect_to]))
         host_parts[2] || host_parts[5]
       end
     end
@@ -153,7 +153,7 @@ def replace_scheme(uri, scheme)
       return uri if not scheme_mismatch?
 
       port = adjust_port_to(scheme)
-      uri_parts = URI.split(uri)
+      uri_parts = URI.split(URI.encode(uri))
       uri_parts[3] = port unless port.nil?
       uri_parts[0] = scheme
       URI::HTTP.new(*uri_parts).to_s
@@ -162,9 +162,9 @@ def replace_scheme(uri, scheme)
     def replace_host(uri, host)
       return uri unless host_mismatch?
 
-      host_parts = URI.split(host)
+      host_parts = URI.split(URI.encode(host))
       new_host = host_parts[2] || host_parts[5]
-      uri_parts = URI.split(uri)
+      uri_parts = URI.split(URI.encode(uri))
       uri_parts[2] = new_host
       URI::HTTPS.new(*uri_parts).to_s
     end