Defect #31831 ยป 31831.patch
| app/controllers/application_controller.rb | ||
|---|---|---|
| 507 | 507 |
end |
| 508 | 508 | |
| 509 | 509 |
begin |
| 510 |
uri = URI.parse(back_url) |
|
| 511 |
rescue URI::InvalidURIError |
|
| 512 |
return false |
|
| 513 |
end |
|
| 510 |
uri = Addressable::URI.parse(back_url) |
|
| 511 |
[:scheme, :host, :port].each do |component| |
|
| 512 |
if uri.send(component).present? && uri.send(component) != request.send(component) |
|
| 513 |
return false |
|
| 514 |
end |
|
| 514 | 515 | |
| 515 |
[:scheme, :host, :port].each do |component| |
|
| 516 |
if uri.send(component).present? && uri.send(component) != request.send(component) |
|
| 517 |
return false |
|
| 516 |
uri.send(:"#{component}=", nil)
|
|
| 518 | 517 |
end |
| 519 | ||
| 520 |
uri.send(:"#{component}=", nil)
|
|
| 518 |
# Always ignore basic user:password in the URL |
|
| 519 |
uri.userinfo = nil |
|
| 520 |
rescue Addressable::URI::InvalidURIError |
|
| 521 |
return false |
|
| 521 | 522 |
end |
| 522 |
# Always ignore basic user:password in the URL |
|
| 523 |
uri.userinfo = nil |
|
| 524 | 523 | |
| 525 | 524 |
path = uri.to_s |
| 526 | 525 |
# Ensure that the remaining URL starts with a slash, followed by a |