safe_redirect 0.1.2 → 0.1.3
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: def94975a8c7c916dbf8d0a1f515d6c326648e11
|
|
4
|
+
data.tar.gz: d3dba9b3db5f6976130deb2c84fcdb985382bc0f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: af3862f529a3febcabe1e5e39452dc082c9ee4c82b34c25d08109fdfa3d7ea4e8f994169357a1edd666e1d0ac2aec3eec1264d72fcb08bff8d923992ac9f0d2f
|
|
7
|
+
data.tar.gz: af9e318bcfe8b2ee50678546b209fa68295f937a4359bd0acece8297a6ae674811e4b6b386ad19a977f8dff6c3270659e56c48ee3c2c43fd523aa57f79b5d63c
|
|
@@ -2,20 +2,16 @@ module SafeRedirect
|
|
|
2
2
|
def safe_domain?(path)
|
|
3
3
|
path =~ /^\// && !(path =~ /^\/\/+/) ||
|
|
4
4
|
SafeRedirect.configuration.domain_whitelists.any? do |w|
|
|
5
|
-
path =~ /^https?:\/\/#{w}($|\/.*)/
|
|
5
|
+
path =~ /^https?:\/\/#{w}($|\/.*)/i
|
|
6
6
|
end
|
|
7
7
|
end
|
|
8
8
|
|
|
9
9
|
def safe_path(path)
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
stripped_path.gsub!(/https?:\/\/[a-z0-9\-\.:@]*/i, '')
|
|
16
|
-
stripped_path.gsub!(/^(data:|javascript:|\.|\/\/|@)+/i, '')
|
|
17
|
-
stripped_path
|
|
18
|
-
end
|
|
10
|
+
case
|
|
11
|
+
when path.kind_of?(String)
|
|
12
|
+
clean_path(path)
|
|
13
|
+
when path.kind_of?(Symbol)
|
|
14
|
+
path
|
|
19
15
|
else
|
|
20
16
|
SafeRedirect.configuration.default_path
|
|
21
17
|
end
|
|
@@ -25,4 +21,15 @@ module SafeRedirect
|
|
|
25
21
|
super safe_path(path), options
|
|
26
22
|
rescue NoMethodError
|
|
27
23
|
end
|
|
28
|
-
|
|
24
|
+
|
|
25
|
+
private
|
|
26
|
+
|
|
27
|
+
def clean_path(path)
|
|
28
|
+
stripped_path = path.strip
|
|
29
|
+
unless safe_domain?(stripped_path)
|
|
30
|
+
stripped_path.gsub!(/https?:\/\/[a-z0-9\-\.:@]*/i, '')
|
|
31
|
+
stripped_path.gsub!(/^(data:|javascript:|\.|\/\/|@)+/i, '')
|
|
32
|
+
end
|
|
33
|
+
stripped_path
|
|
34
|
+
end
|
|
35
|
+
end
|
|
@@ -1,3 +1,3 @@
|
|
|
1
1
|
module SafeRedirect
|
|
2
|
-
VERSION = '0.1.
|
|
3
|
-
end
|
|
2
|
+
VERSION = '0.1.3'
|
|
3
|
+
end
|
|
@@ -6,7 +6,7 @@ module SafeRedirect
|
|
|
6
6
|
reset_config
|
|
7
7
|
end
|
|
8
8
|
|
|
9
|
-
it "default default_path is
|
|
9
|
+
it "default default_path is /" do
|
|
10
10
|
expect(SafeRedirect.configuration.default_path).to eq('/')
|
|
11
11
|
end
|
|
12
12
|
|
|
@@ -28,4 +28,4 @@ module SafeRedirect
|
|
|
28
28
|
expect(SafeRedirect.configuration.domain_whitelists).to eq(['www.bukalapak.com'])
|
|
29
29
|
end
|
|
30
30
|
end
|
|
31
|
-
end
|
|
31
|
+
end
|
|
@@ -46,6 +46,10 @@ module SafeRedirect
|
|
|
46
46
|
expect(Controller.safe_path('http://www.twitter.com')).to eq('http://www.twitter.com')
|
|
47
47
|
end
|
|
48
48
|
|
|
49
|
+
it "considers :back a safe path" do
|
|
50
|
+
expect(Controller.safe_path(:back)).to eq(:back)
|
|
51
|
+
end
|
|
52
|
+
|
|
49
53
|
it "considers https://www.bukalapak.com@google.com an unsafe path" do
|
|
50
54
|
expect(Controller.safe_path('https://www.bukalapak.com@google.com')).to eq('')
|
|
51
55
|
end
|
|
@@ -58,4 +62,4 @@ module SafeRedirect
|
|
|
58
62
|
Controller.redirect_to '/', notice: 'Back to home page'
|
|
59
63
|
end
|
|
60
64
|
end
|
|
61
|
-
end
|
|
65
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: safe_redirect
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Edwin Tunggawan
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-05-
|
|
11
|
+
date: 2016-05-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rspec
|