From 6e698315d68e0319d95571908dc28a656f1ab0d9 Mon Sep 17 00:00:00 2001 From: riking Date: Sat, 14 Jun 2014 10:51:06 -0700 Subject: [PATCH] Allow all /my URLs Previously, URLs like /my/activity/posts were denied. This change allows those URLs. --- app/controllers/users_controller.rb | 2 +- config/routes.rb | 2 +- spec/controllers/users_controller_spec.rb | 5 +++++ 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 9f9c907b97b..1f659c62211 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -81,7 +81,7 @@ class UsersController < ApplicationController end def my_redirect - if current_user.present? && params[:path] =~ /^[a-z\-]+$/ + if current_user.present? && params[:path] =~ /^[a-z\-\/]+$/ redirect_to "/users/#{current_user.username}/#{params[:path]}" return end diff --git a/config/routes.rb b/config/routes.rb index 81c8163b14b..b26263e8b06 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -185,7 +185,7 @@ Discourse::Application.routes.draw do get "users/activate-account/:token" => "users#activate_account" get "users/authorize-email/:token" => "users#authorize_email" get "users/hp" => "users#get_honeypot_value" - get "my/:path", to: 'users#my_redirect' + get "my/*path", to: 'users#my_redirect' get "user_preferences" => "users#user_preferences_redirect" get "users/:username/private-messages" => "user_actions#private_messages", constraints: {username: USERNAME_ROUTE_FORMAT} diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb index d1ea2af32c0..b4e1e5e0639 100644 --- a/spec/controllers/users_controller_spec.rb +++ b/spec/controllers/users_controller_spec.rb @@ -1330,6 +1330,11 @@ describe UsersController do get :my_redirect, path: "preferences" response.should be_redirect end + + it "permits forward slashes" do + get :my_redirect, path: "activity/posts" + response.should be_redirect + end end end