mirrors
/
rails
mirror of https://github.com/rails/rails
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

Sanitize the URLs passed to redirect_to to prevent a potential response spli 

CGI.rb and mongrel don't do any sanitization of the contents of HTTP headers
This commit is contained in:
Michael Koziarski 2008-10-14 11:47:27 +02:00
parent e8577991dc
commit 7282ed863c
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
actionpack/lib/action_controller/response.rb
View File

@ -30,9 +30,9 @@ module ActionController
def redirect(to_url, response_status)
self.headers["Status"] = response_status
self.headers["Location"] = to_url
self.headers["Location"] = to_url.gsub(/[\r\n]/, '')
self.body = "<html><body>You are being <a href=\"#{to_url}\">redirected</a>.</body></html>"
self.body = "<html><body>You are being <a href=\"#{CGI.escapeHTML(to_url)}\">redirected</a>.</body></html>"
end
def prepare!