# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
require 'uri'
+require 'cgi'
class ApplicationController < ActionController::Base
layout 'base'
end
def redirect_back_or_default(default)
- back_url = params[:back_url]
+ back_url = CGI.unescape(params[:back_url].to_s)
if !back_url.blank?
uri = URI.parse(back_url)
# do not redirect user to another host
@time_entry.attributes = params[:time_entry]
if request.post? and @time_entry.save
flash[:notice] = l(:notice_successful_update)
- redirect_to(params[:back_url].blank? ? {:action => 'details', :project_id => @time_entry.project} : params[:back_url])
+ redirect_back_or_default :action => 'details', :project_id => @time_entry.project
return
end
end
def test_login_should_redirect_to_back_url_param
# request.uri is "test.host" in test environment
- post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http://test.host/issues/show/1'
+ post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http%3A%2F%2Ftest.host%2Fissues%2Fshow%2F1'
assert_redirected_to '/issues/show/1'
end
def test_login_should_not_redirect_to_another_host
- post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http://test.foo/fake'
+ post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http%3A%2F%2Ftest.foo%2Ffake'
assert_redirected_to '/my/page'
end
projects / redmine.git / commitdiff