Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

FIX: handle array in redirect param

This commit is contained in:
Arpit Jalan 2019-06-11 17:10:16 +05:30
parent f4fd75aea4
commit e2636f0ec7
2 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
app/controllers/static_controller.rb
View File

@ -89,10 +89,11 @@ class StaticController < ApplicationController
destination = path("/") destination = path("/")
if params[:redirect].present? && !params[:redirect].match(login_path) redirect_location = params[:redirect].to_s
if redirect_location.present? && !redirect_location.match(login_path)
begin begin
forum_uri = URI(Discourse.base_url) forum_uri = URI(Discourse.base_url)
uri = URI(params[:redirect]) uri = URI(redirect_location)
if uri.path.present? && if uri.path.present? &&
(uri.host.blank? || uri.host == forum_uri.host) && (uri.host.blank? || uri.host == forum_uri.host) &&

7
spec/requests/static_controller_spec.rb
View File

@ -283,6 +283,13 @@ describe StaticController do
end end
end end
context 'with an array' do
it "redirects to the root" do
post "/login.json", params: { redirect: ["/foo"] }
expect(response).to redirect_to('/')
end
end
context 'when the redirect path is the login page' do context 'when the redirect path is the login page' do
it 'redirects to the root url' do it 'redirects to the root url' do
post "/login.json", params: { redirect: login_path } post "/login.json", params: { redirect: login_path }