Rescue back_url param parsing on redirect.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2126 e93f8b46-1217-0410-a6f0-8f06a7374b81
Jean-Philippe Lang 2008-12-12 16:03:57 +00:00
parent 29f364f63c
commit 1bfbecbcab


@ -126,13 +126,20 @@ class ApplicationController < ActionController::Base
def redirect_back_or_default(default) def redirect_back_or_default(default)
back_url = CGI.unescape(params[:back_url].to_s) back_url = CGI.unescape(params[:back_url].to_s)
if !back_url.blank? if !back_url.blank?
uri = URI.parse(back_url) begin
# do not redirect user to another host or to the login or register page uri = URI.parse(back_url)
if (uri.relative? || (uri.host == request.host)) && !uri.path.match(%r{/(login|account/register)}) # do not redirect user to another host or to the login or register page
redirect_to(back_url) and return if (uri.relative? || (uri.host == request.host)) && !uri.path.match(%r{/(login|account/register)})
redirect_to(back_url) and return
end
rescue URI::InvalidURIError
# redirect to default
end end
end end
redirect_to default redirect_to default
rescue
end end
def render_403 def render_403
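Review bot: The host check on the `if (uri.relative? || (uri.host == request.host)) && ...` line can still let the redirect leave the site, because `URI#relative?` only says that the scheme is absent. A scheme-less reference that carries its own host is reported as relative, so it is passed to `redirect_to` without ever being compared with `request.host`. Require that a relative URI has no host: `if ((uri.relative? && uri.host.nil?) || uri.host == request.host) && !uri.path.match(%r{/(login|account/register)})`. Separately, the side-by-side rendering shows a bare `rescue` after `redirect_to default`, and its side cannot be told from this page. If it belongs to the new code, it would silently swallow every StandardError raised in the method and should be removed or narrowed to the error actually expected.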