author | Go MAEDA <maeda@farend.jp> | 2025-01-28 07:49:07 +0000 |
---|---|---|
committer | Go MAEDA <maeda@farend.jp> | 2025-01-28 07:49:07 +0000 |
commit | 8964c2e7fc7f41acc67f91fbd73ce64b9eb552e2 (patch) | |
tree | ea2c20f4dbed1a4723d6956d78c3b7b23adde9dc | |
parent | 13f6cea750a600a3ec4f5c3c58e0641ad51800e6 (diff) | |
Merged r23465 from trunk to 6.0-stable (#41930).
git-svn-id: https://svn.redmine.org/redmine/branches/6.0-stable@23467 e93f8b46-1217-0410-a6f0-8f06a7374b81
-rw-r--r-- | app/controllers/application_controller.rb | 6 | ||||
-rw-r--r-- | test/functional/account_controller_test.rb | 18 |
2 files changed, 20 insertions, 4 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 111c85bc5..7333590ad 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -509,11 +509,9 @@ class ApplicationController < ActionController::Base
         if uri.send(component).present? && uri.send(component) != request.send(component)
           return false
         end
-
-        uri.send(:"#{component}=", nil)
       end
-      # Always ignore basic user:password in the URL
-      uri.userinfo = nil
+      # Remove unnecessary components to convert the URL into a relative URL
+      uri.omit!(:scheme, :userinfo, :host, :port)
     rescue Addressable::URI::InvalidURIError
       return false
     end
diff --git a/test/functional/account_controller_test.rb b/test/functional/account_controller_test.rb
index e62dce943..31ba88fb5 100644
--- a/test/functional/account_controller_test.rb
+++ b/test/functional/account_controller_test.rb
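Review bot: With `uri.omit!(:scheme, :userinfo, :host, :port)` the authority is dropped in one step, so whether an input that would end up protocol-relative (a path beginning with `//` once the host is gone) is rejected now rests either on Addressable raising `InvalidURIError` from `omit!`, which the `rescue` directly below turns into `false`, or on the path check later in the method; neither is visible in this hunk, and `validate_back_url` starts and ends outside it. The new comment `# Remove unnecessary components to convert the URL into a relative URL` reads as a tidy-up rather than as the redirect guard it is; I would replace it with `# Strip scheme, credentials, host and port so only a same-origin path/query/fragment can survive; Addressable may raise InvalidURIError for inputs that cannot be made relative, and the rescue below rejects those`. If the later path check is what actually catches the `//` case, say so in that comment instead so the two guards are not confused.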
@@ -658,4 +658,22 @@ class AccountControllerTest < Redmine::ControllerTest
       end
     end
   end
+
+  def test_validate_back_url
+    request.host = 'example.com'
+
+    assert_equal '/admin', @controller.send(:validate_back_url, 'http://example.com/admin')
+    assert_equal '/admin', @controller.send(:validate_back_url, 'http://dlopper:foo@example.com/admin')
+    assert_equal '/issues?query_id=1#top', @controller.send(:validate_back_url, 'http://example.com/issues?query_id=1#top')
+    assert_equal false, @controller.send(:validate_back_url, 'http://invalid.example.com/issues')
+  end
+
+  def test_validate_back_url_with_port
+    request.host = 'example.com:3000'
+
+    assert_equal '/admin', @controller.send(:validate_back_url, 'http://example.com:3000/admin')
+    assert_equal '/admin', @controller.send(:validate_back_url, 'http://dlopper:foo@example.com:3000/admin')
+    assert_equal '/issues?query_id=1#top', @controller.send(:validate_back_url, 'http://example.com:3000/issues?query_id=1#top')
+    assert_equal false, @controller.send(:validate_back_url, 'http://invalid.example.com:3000/issues')
+  end
 end
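Review bot: Both new tests pin the accepted same-host forms and a single mismatched-host rejection, but none of the guard's other rejection paths is exercised, so a regression in the `omit!` change in the controller hunk would only show up for the host comparison. Alongside the `invalid.example.com` assertion I would add `assert_equal false, @controller.send(:validate_back_url, 'https://example.com/admin')` (scheme mismatch against the plain-http test request, assuming the component loop outside that hunk still compares `scheme`) and `assert_equal false, @controller.send(:validate_back_url, 'http://example.com//other.example.com/admin')` (a path that stays protocol-relative once the host is stripped). The expected values for those two are inferred from the controller change rather than from anything visible here, so confirm them against the full `validate_back_url` before committing; the with-port test deserves the same pair.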