Make safe_referer handle invalid URIs

Tom Hughes 2021-11-23 11:27:02 +00:00
parent 88f156a41a
commit d951621c44


@ -381,18 +381,22 @@ class ApplicationController < ActionController::Base
# clean any referer parameter
def safe_referer(referer)
referer = URI.parse(referer)
begin
referer = URI.parse(referer)
if referer.scheme == "http" || referer.scheme == "https"
referer.scheme = nil
referer.host = nil
referer.port = nil
elsif referer.scheme || referer.host || referer.port
if referer.scheme == "http" || referer.scheme == "https"
referer.scheme = nil
referer.host = nil
referer.port = nil
elsif referer.scheme || referer.host || referer.port
referer = nil
end
referer = nil if referer&.path&.first != "/"
rescue URI::InvalidURIError
referer = nil
end
referer = nil if referer&.path&.first != "/"
referer.to_s
end
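Review bot: The path check that now sits inside the `begin` block (`referer = nil if referer&.path&.first != "/"`) accepts any path whose first character is `/`, and that includes a path starting with `//`. Once scheme, host and port have been cleared for an http/https referer, `referer.to_s` would presumably return that path unchanged, and a browser treats a leading `//` as a scheme-relative URL pointing at another host. Since this helper exists to keep redirects on-site, the guard should reject that case too, for example `referer = nil unless referer&.path&.start_with?("/") && !referer.path.start_with?("//")`. A test with an http referer whose path begins with two slashes would confirm the behaviour either way. It would also be worth a one-line comment above the `rescue` saying that an unparseable referer is deliberately turned into an empty string.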