govuk_content_models 31.3.0 → 31.4.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/app/models/artefact.rb +8 -1
- data/lib/govuk_content_models/version.rb +1 -1
- data/test/models/artefact_test.rb +16 -0
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 40258d79cad346c7ad24fd75eab16db040358d7c
|
4
|
+
data.tar.gz: fbcb1c49048321f69113c637c9abdd16a00391f8
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: be04aedd7bb95a1523e44da86185e2004fd21b2dc5fc916e814ea9deee7c4d34e9b3137e7d7c19322e69b6b5f9a715c75b480839b879af8c7456be4289bce41b
|
7
|
+
data.tar.gz: 535ca3d75b80953e884fd95cdb8d21cd2b36150f01981b50da64111943288626c9415e82762e81e2c557b8d2409738664d24eee910280ed21fd23af84a0b26ee
|
data/CHANGELOG.md
CHANGED
data/app/models/artefact.rb
CHANGED
@@ -401,8 +401,15 @@ class Artefact
|
|
401
401
|
|
402
402
|
def validate_redirect_url
|
403
403
|
return unless self.redirect_url.present?
|
404
|
-
unless
|
404
|
+
unless valid_redirect_url_path?(self.redirect_url)
|
405
405
|
errors[:redirect_url] << "is not a valid redirect target"
|
406
406
|
end
|
407
407
|
end
|
408
|
+
|
409
|
+
def valid_redirect_url_path?(target)
|
410
|
+
URI.parse(target)
|
411
|
+
target.starts_with?("/") && target !~ %r{//} && target !~ %r{./\z}
|
412
|
+
rescue URI::InvalidURIError
|
413
|
+
false
|
414
|
+
end
|
408
415
|
end
|
@@ -240,8 +240,24 @@ class ArtefactTest < ActiveSupport::TestCase
|
|
240
240
|
artefact.redirect_url = "/foobar"
|
241
241
|
assert artefact.valid?
|
242
242
|
|
243
|
+
artefact.redirect_url = "/foobar?an=argument"
|
244
|
+
assert artefact.valid?
|
245
|
+
|
246
|
+
artefact.redirect_url = "/foobar#chapter"
|
247
|
+
assert artefact.valid?
|
248
|
+
|
243
249
|
artefact.redirect_url = "http://foo.bar/"
|
244
250
|
refute artefact.valid?
|
251
|
+
|
252
|
+
[
|
253
|
+
"\jkhsdfgjkhdjskfgh//fdf#th",
|
254
|
+
"not a URL path",
|
255
|
+
"bar/baz",
|
256
|
+
"/foo//bar",
|
257
|
+
].each do |invalid_path|
|
258
|
+
artefact.redirect_url = invalid_path
|
259
|
+
refute artefact.valid?
|
260
|
+
end
|
245
261
|
end
|
246
262
|
|
247
263
|
test "should translate kind into internally normalised form" do
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: govuk_content_models
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 31.
|
4
|
+
version: 31.4.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Paul Battley
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2015-10-
|
11
|
+
date: 2015-10-29 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bson_ext
|