FIX: Run the regular expression against query parameters
This commit is contained in:
parent
39de27a4b2
commit
20241a01e9
|
@ -24,9 +24,13 @@ class EmbeddableHost < ActiveRecord::Base
|
|||
uri = URI(url) rescue nil
|
||||
return false unless uri.present?
|
||||
|
||||
path = uri.path
|
||||
path << "?" << uri.query if uri.query.present?
|
||||
|
||||
host = record_for_url(uri)
|
||||
|
||||
return host.present? &&
|
||||
(host.path_whitelist.blank? || !Regexp.new(host.path_whitelist).match(uri.path).nil?)
|
||||
(host.path_whitelist.blank? || !Regexp.new(host.path_whitelist).match(path).nil?)
|
||||
end
|
||||
|
||||
private
|
||||
|
|
|
@ -66,13 +66,17 @@ describe EmbeddableHost do
|
|||
end
|
||||
|
||||
describe "path_whitelist" do
|
||||
let!(:host) { Fabricate(:embeddable_host, path_whitelist: '^/fp/\d{4}/\d{2}/\d{2}/.*$') }
|
||||
|
||||
it "matches the path" do
|
||||
Fabricate(:embeddable_host, path_whitelist: '^/fp/\d{4}/\d{2}/\d{2}/.*$')
|
||||
expect(EmbeddableHost.url_allowed?('http://eviltrout.com')).to eq(false)
|
||||
expect(EmbeddableHost.url_allowed?('http://eviltrout.com/fp/2016/08/25/test-page')).to eq(true)
|
||||
end
|
||||
|
||||
it "respects query parameters" do
|
||||
Fabricate(:embeddable_host, path_whitelist: '^/fp$')
|
||||
expect(EmbeddableHost.url_allowed?('http://eviltrout.com/fp?test=1')).to eq(false)
|
||||
expect(EmbeddableHost.url_allowed?('http://eviltrout.com/fp')).to eq(true)
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue