-rw-r--r-- | app/controllers/application_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/users_controller.rb | 2 | ||||
-rw-r--r-- | app/views/users/index.html.erb | 2 | ||||
-rw-r--r-- | test/functional/account_controller_test.rb | 4 |
4 files changed, 5 insertions, 5 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 0e5f6ba54..d6efa4124 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -300,7 +300,7 @@ class ApplicationController < ActionController::Base
 end
 
 def redirect_back_or_default(default)
- back_url = params[:back_url].to_s
+ back_url = CGI.unescape(params[:back_url].to_s)
 if !back_url.blank?
 begin
 uri = URI.parse(back_url)
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index da6f6ae28..a56371c5f 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -174,7 +174,7 @@ class UsersController < ApplicationController
 def destroy
 @user.destroy
 respond_to do |format|
- format.html { redirect_back_or_default(users_url) }
+ format.html { redirect_to_referer_or(users_url) }
 format.api { render_api_ok }
 end
 end
diff --git a/app/views/users/index.html.erb b/app/views/users/index.html.erb
index f88b5231e..a477a5c90 100644
--- a/app/views/users/index.html.erb
+++ b/app/views/users/index.html.erb
@@ -46,7 +46,7 @@
 <td class="last_login_on" align="center"><%= format_time(user.last_login_on) unless user.last_login_on.nil? %></td>
 <td class="buttons">
 <%= change_status_link(user) %>
- <%= delete_link user_path(user, :back_url => users_path(params)) unless User.current == user %>
+ <%= delete_link user_path(user) unless User.current == user %>
 </td>
 </tr>
 <% end -%>
diff --git a/test/functional/account_controller_test.rb b/test/functional/account_controller_test.rb
index 7b5a449e5..f48e4b3a6 100644
--- a/test/functional/account_controller_test.rb
+++ b/test/functional/account_controller_test.rb
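Review bot: `CGI.unescape(params[:back_url].to_s)` decodes a value that Rack has already percent-decoded once, so a normally encoded URL whose path or query legitimately contains `%2F`, `%3F`, `%26` or `+` is decoded a second time and the redirect target no longer matches what the client sent (`+` turns into a space, `a%2Fb` in a segment becomes `a/b`). If the intent is to accept callers that encode the entire URL, as the test hunk below does, keep in mind that functional tests hand `:back_url` to the controller without the Rack decode, so those tests do not show what a real single-encoded request yields. The safer shape is to parse the parameter as delivered, `uri = URI.parse(params[:back_url].to_s)`, and fix the callers that double-encode; if a second decode really is required, an unescape that does not map `+` to a space (the `URI` parser's `unescape` rather than `CGI.unescape`) is less lossy. The host comparison this method relies on sits below the hunk, so I cannot confirm from here that it runs on the same decoded string that is finally passed to `redirect_to`.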
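Review bot: `redirect_to_referer_or(users_url)` makes the post-delete destination depend on the `Referer` header, which the browser supplies and frequently omits (Referrer-Policy, privacy extensions, non-browser clients), so the filter and pagination state that the removed `users_path(params)` carried is lost whenever the fallback fires. Whether `redirect_to_referer_or` restricts the target to this host is not visible in the hunk; if it does not, a client-controlled header becomes the redirect target after a state-changing action, and the same same-host check applied to `back_url` should apply here. A one-line comment above the call would make the trade-off explicit: `# Referer is client-supplied and may be absent; fall back to the unfiltered index.`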
@@ -33,12 +33,12 @@ class AccountControllerTest < ActionController::TestCase
 def test_login_should_redirect_to_back_url_param
 # request.uri is "test.host" in test environment
- post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http://test.host/issues/show/1'
+ post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http%3A%2F%2Ftest.host%2Fissues%2Fshow%2F1'
 assert_redirected_to '/issues/show/1'
 end
 
 def test_login_should_not_redirect_to_another_host
- post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http://test.foo/fake'
+ post :login, :username => 'jsmith', :password => 'jsmith', :back_url => 'http%3A%2F%2Ftest.foo%2Ffake'
 assert_redirected_to '/my/page'
 end |