Replaces @URI.parse@ with @Addressable::URI.parse(url)@ to enhance robustness of...

author Marius Balteanu <marius.balteanu@zitec.com>

Tue, 13 Feb 2024 23:17:09 +0000 (23:17 +0000)

committer Marius Balteanu <marius.balteanu@zitec.com>

Tue, 13 Feb 2024 23:17:09 +0000 (23:17 +0000)
author Marius Balteanu <marius.balteanu@zitec.com>
Tue, 13 Feb 2024 23:17:09 +0000 (23:17 +0000)
committer Marius Balteanu <marius.balteanu@zitec.com>
Tue, 13 Feb 2024 23:17:09 +0000 (23:17 +0000)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb

index ad16b0e77e61082fdf2a90e1893ac6a99f947980..29c14f61231aec48b55a1c2715337e3089673fce 100644 (file)
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -502,20 +502,19 @@ class ApplicationController < ActionController::Base
      end
  
      begin
-      uri = URI.parse(back_url)
-    rescue URI::InvalidURIError
-      return false
-    end
+      uri = Addressable::URI.parse(back_url)
+      [:scheme, :host, :port].each do |component|
+        if uri.send(component).present? && uri.send(component) != request.send(component)
+          return false
+        end
  
-    [:scheme, :host, :port].each do |component|
-      if uri.send(component).present? && uri.send(component) != request.send(component)
-        return false
+        uri.send(:"#{component}=", nil)
        end
-
-      uri.send(:"#{component}=", nil)
+      # Always ignore basic user:password in the URL
+      uri.userinfo = nil
+    rescue Addressable::URI::InvalidURIError
+      return false
      end
-    # Always ignore basic user:password in the URL
-    uri.userinfo = nil
  
      path = uri.to_s
      # Ensure that the remaining URL starts with a slash, followed by a
author	Marius Balteanu <marius.balteanu@zitec.com>
	Tue, 13 Feb 2024 23:17:09 +0000 (23:17 +0000)
committer	Marius Balteanu <marius.balteanu@zitec.com>
	Tue, 13 Feb 2024 23:17:09 +0000 (23:17 +0000)