authorGo MAEDA <maeda@farend.jp>2025-01-28 05:49:12 +0000
committerGo MAEDA <maeda@farend.jp>2025-01-28 05:49:12 +0000
commit7ccf349e36daf81af53a24dedec8dd62e3e44e43 (patch)
treed13b73909b7de1b002ca9cf6ec14b0e3a4a1b272
parent11b949c574db3b64ecd90a4efbbca215a857d325 (diff)
Redirection after signing in fails when the back_url includes a port number (#41930).
Patch by Kenta Kumojima (user:kumojima) and Go MAEDA (user:maeda). git-svn-id: https://svn.redmine.org/redmine/trunk@23465 e93f8b46-1217-0410-a6f0-8f06a7374b81
-rw-r--r--app/controllers/application_controller.rb6
-rw-r--r--test/functional/account_controller_test.rb18
2 files changed, 20 insertions, 4 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index a3eaec4bb..83b30d45d 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -511,11 +511,9 @@ class ApplicationController < ActionController::Base
if uri.send(component).present? && uri.send(component) != request.send(component)
return false
end
-
- uri.send(:"#{component}=", nil)
end
- # Always ignore basic user:password in the URL
- uri.userinfo = nil
+ # Remove unnecessary components to convert the URL into a relative URL
+ uri.omit!(:scheme, :userinfo, :host, :port)
rescue Addressable::URI::InvalidURIError
return false
end
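Review bot: The new `uri.omit!(:scheme, :userinfo, :host, :port)` line that replaces the per-component `uri.send(:"#{component}=", nil)` fixes the port case without recording why, and the reason is not recoverable from the diff alone; presumably clearing the components one at a time left a port set on a URI whose host had just been removed, which Addressable rejects as invalid, whereas `omit!` clears them together. A comment such as `# Clear these together: assigning nil one component at a time can raise InvalidURIError once host is gone but port remains` would keep a later refactor from reintroducing the bug. The list passed to `omit!` also has to stay aligned with the components compared against the request in the loop just above, otherwise a component left in place would make the returned URL absolute again, so a short note that the two lists are coupled belongs on the same line. The enclosing validate_back_url starts before the hunk, and whatever checks run on the resulting path after the rescue are not visible here.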
diff --git a/test/functional/account_controller_test.rb b/test/functional/account_controller_test.rb
index e62dce943..31ba88fb5 100644
--- a/test/functional/account_controller_test.rb
+++ b/test/functional/account_controller_test.rb
@@ -658,4 +658,22 @@ class AccountControllerTest < Redmine::ControllerTest
end
end
end
+
+ def test_validate_back_url
+ request.host = 'example.com'
+
+ assert_equal '/admin', @controller.send(:validate_back_url, 'http://example.com/admin')
+ assert_equal '/admin', @controller.send(:validate_back_url, 'http://dlopper:foo@example.com/admin')
+ assert_equal '/issues?query_id=1#top', @controller.send(:validate_back_url, 'http://example.com/issues?query_id=1#top')
+ assert_equal false, @controller.send(:validate_back_url, 'http://invalid.example.com/issues')
+ end
+
+ def test_validate_back_url_with_port
+ request.host = 'example.com:3000'
+
+ assert_equal '/admin', @controller.send(:validate_back_url, 'http://example.com:3000/admin')
+ assert_equal '/admin', @controller.send(:validate_back_url, 'http://dlopper:foo@example.com:3000/admin')
+ assert_equal '/issues?query_id=1#top', @controller.send(:validate_back_url, 'http://example.com:3000/issues?query_id=1#top')
+ assert_equal false, @controller.send(:validate_back_url, 'http://invalid.example.com:3000/issues')
+ end
end
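Review bot: Both new tests exercise the foreign-host rejection only through an absolute `http://` URL; the host/scheme comparison that the rewritten validate_back_url relies on is also what turns away protocol-relative and scheme-changing back_urls, and neither form is pinned by these tests. Adding `assert_equal false, @controller.send(:validate_back_url, '//invalid.example.com/issues')` and `assert_equal false, @controller.send(:validate_back_url, 'https://example.com/admin')` to test_validate_back_url would cover those paths in the same style as the existing assertions. The second assertion assumes the test request is plain http, which is consistent with the `http://` inputs the tests already accept, but should be confirmed against the test harness.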