safe_redirect 0.1.2 → 0.1.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: def94975a8c7c916dbf8d0a1f515d6c326648e11
|
|
4
|
+
data.tar.gz: d3dba9b3db5f6976130deb2c84fcdb985382bc0f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: af3862f529a3febcabe1e5e39452dc082c9ee4c82b34c25d08109fdfa3d7ea4e8f994169357a1edd666e1d0ac2aec3eec1264d72fcb08bff8d923992ac9f0d2f
|
|
7
|
+
data.tar.gz: af9e318bcfe8b2ee50678546b209fa68295f937a4359bd0acece8297a6ae674811e4b6b386ad19a977f8dff6c3270659e56c48ee3c2c43fd523aa57f79b5d63c
|
|
@@ -2,20 +2,16 @@ module SafeRedirect
|
|
|
2
2
|
def safe_domain?(path)
|
|
3
3
|
path =~ /^\// && !(path =~ /^\/\/+/) ||
|
|
4
4
|
SafeRedirect.configuration.domain_whitelists.any? do |w|
|
|
5
|
-
path =~ /^https?:\/\/#{w}($|\/.*)/
|
|
5
|
+
path =~ /^https?:\/\/#{w}($|\/.*)/i
|
|
6
6
|
end
|
|
7
7
|
end
|
|
8
8
|
|
|
9
9
|
def safe_path(path)
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
stripped_path.gsub!(/https?:\/\/[a-z0-9\-\.:@]*/i, '')
|
|
16
|
-
stripped_path.gsub!(/^(data:|javascript:|\.|\/\/|@)+/i, '')
|
|
17
|
-
stripped_path
|
|
18
|
-
end
|
|
10
|
+
case
|
|
11
|
+
when path.kind_of?(String)
|
|
12
|
+
clean_path(path)
|
|
13
|
+
when path.kind_of?(Symbol)
|
|
14
|
+
path
|
|
19
15
|
else
|
|
20
16
|
SafeRedirect.configuration.default_path
|
|
21
17
|
end
|
|
@@ -25,4 +21,15 @@ module SafeRedirect
|
|
|
25
21
|
super safe_path(path), options
|
|
26
22
|
rescue NoMethodError
|
|
27
23
|
end
|
|
28
|
-
|
|
24
|
+
|
|
25
|
+
private
|
|
26
|
+
|
|
27
|
+
def clean_path(path)
|
|
28
|
+
stripped_path = path.strip
|
|
29
|
+
unless safe_domain?(stripped_path)
|
|
30
|
+
stripped_path.gsub!(/https?:\/\/[a-z0-9\-\.:@]*/i, '')
|
|
31
|
+
stripped_path.gsub!(/^(data:|javascript:|\.|\/\/|@)+/i, '')
|
|
32
|
+
end
|
|
33
|
+
stripped_path
|
|
34
|
+
end
|
|
35
|
+
end
|
|
@@ -1,3 +1,3 @@
|
|
|
1
1
|
module SafeRedirect
|
|
2
|
-
VERSION = '0.1.
|
|
3
|
-
end
|
|
2
|
+
VERSION = '0.1.3'
|
|
3
|
+
end
|
|
@@ -6,7 +6,7 @@ module SafeRedirect
|
|
|
6
6
|
reset_config
|
|
7
7
|
end
|
|
8
8
|
|
|
9
|
-
it "default default_path is
|
|
9
|
+
it "default default_path is /" do
|
|
10
10
|
expect(SafeRedirect.configuration.default_path).to eq('/')
|
|
11
11
|
end
|
|
12
12
|
|
|
@@ -28,4 +28,4 @@ module SafeRedirect
|
|
|
28
28
|
expect(SafeRedirect.configuration.domain_whitelists).to eq(['www.bukalapak.com'])
|
|
29
29
|
end
|
|
30
30
|
end
|
|
31
|
-
end
|
|
31
|
+
end
|
|
@@ -46,6 +46,10 @@ module SafeRedirect
|
|
|
46
46
|
expect(Controller.safe_path('http://www.twitter.com')).to eq('http://www.twitter.com')
|
|
47
47
|
end
|
|
48
48
|
|
|
49
|
+
it "considers :back a safe path" do
|
|
50
|
+
expect(Controller.safe_path(:back)).to eq(:back)
|
|
51
|
+
end
|
|
52
|
+
|
|
49
53
|
it "considers https://www.bukalapak.com@google.com an unsafe path" do
|
|
50
54
|
expect(Controller.safe_path('https://www.bukalapak.com@google.com')).to eq('')
|
|
51
55
|
end
|
|
@@ -58,4 +62,4 @@ module SafeRedirect
|
|
|
58
62
|
Controller.redirect_to '/', notice: 'Back to home page'
|
|
59
63
|
end
|
|
60
64
|
end
|
|
61
|
-
end
|
|
65
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: safe_redirect
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Edwin Tunggawan
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-05-
|
|
11
|
+
date: 2016-05-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rspec
|