diff --git a/app/controllers/static_controller.rb b/app/controllers/static_controller.rb index 40b5efa94a0..d8844047b8b 100644 --- a/app/controllers/static_controller.rb +++ b/app/controllers/static_controller.rb @@ -101,8 +101,7 @@ class StaticController < ApplicationController (uri.host.blank? || uri.host == forum_uri.host) && uri.path !~ /\./ - destination = uri.path - destination = "#{uri.path}?#{uri.query}" if uri.path =~ /new-topic/ || uri.path =~ /new-message/ || uri.path =~ /user-api-key/ + destination = "#{uri.path}#{uri.query ? "?#{uri.query}" : ""}" end rescue URI::Error # Do nothing if the URI is invalid diff --git a/spec/requests/static_controller_spec.rb b/spec/requests/static_controller_spec.rb index dce1d0531d6..8e4e10de460 100644 --- a/spec/requests/static_controller_spec.rb +++ b/spec/requests/static_controller_spec.rb @@ -262,6 +262,13 @@ describe StaticController do end end + context 'with a redirect path with query params' do + it 'redirects to the redirect path and preserves query params' do + post "/login.json", params: { redirect: '/foo?bar=1' } + expect(response).to redirect_to('/foo?bar=1') + end + end + context 'with a period to force a new host' do it 'redirects to the root path' do post "/login.json", params: { redirect: ".org/foo" }