authorJean-Philippe Lang <jp_lang@yahoo.fr>2008-12-12 16:03:57 +0000
committerJean-Philippe Lang <jp_lang@yahoo.fr>2008-12-12 16:03:57 +0000
commit1bfbecbcab4162d45c8e5f9fe365afda08f83f0d (patch)
treef446a345506b8086bd104a3234af80b17619c527
parent29f364f63cbc44924c79ceeb887c4ae81a1f7c71 (diff)
Rescue back_url param parsing on redirect.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2126 e93f8b46-1217-0410-a6f0-8f06a7374b81
-rw-r--r--app/controllers/application.rb15
1 files changed, 11 insertions, 4 deletions
diff --git a/app/controllers/application.rb b/app/controllers/application.rb
index 36123ba47..494e3a26a 100644
--- a/app/controllers/application.rb
+++ b/app/controllers/application.rb
@@ -126,13 +126,20 @@ class ApplicationController < ActionController::Base
def redirect_back_or_default(default)
back_url = CGI.unescape(params[:back_url].to_s)
if !back_url.blank?
- uri = URI.parse(back_url)
- # do not redirect user to another host or to the login or register page
- if (uri.relative? || (uri.host == request.host)) && !uri.path.match(%r{/(login|account/register)})
- redirect_to(back_url) and return
+ begin
+ uri = URI.parse(back_url)
+ # do not redirect user to another host or to the login or register page
+ if (uri.relative? || (uri.host == request.host)) && !uri.path.match(%r{/(login|account/register)})
+ redirect_to(back_url) and return
+ end
+ rescue URI::InvalidURIError
+ # redirect to default
end
end
redirect_to default
+ rescue
+
+
end
def render_403
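Review bot: The method-level `rescue` added after `redirect_to default` has no exception class and an empty body, so any StandardError raised in `redirect_back_or_default`, including one from `redirect_to default` itself, is silently dropped and the action ends without a redirect. The inner `rescue URI::InvalidURIError` already handles the parse failure, so I would drop the outer clause, or at least log the exception there. Separately, in the re-indented check, `uri.relative?` is true for any URI without a scheme, which includes references that still carry a host, so the `uri.host == request.host` comparison is skipped for them and the redirect can leave the site. Tightening the first clause to `(uri.relative? && uri.host.nil?) || uri.host == request.host` would close that gap. The path regex `%r{/(login|account/register)}` is also unanchored, so it rejects any path that merely contains `/login`, which may be broader than intended.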