Module: SafeRedirect
- Defined in:
- lib/safe_redirect/version.rb,
lib/safe_redirect/configuration.rb,
lib/safe_redirect/safe_redirect.rb
Defined Under Namespace
Classes: Configuration
Constant Summary
- VERSION =
'0.2.6'
Class Attribute Summary
Class Method Summary
Instance Method Summary
Class Attribute Details
.configuration ⇒ Object
# File 'lib/safe_redirect/configuration.rb', line 5

# Returns the module's Configuration object, creating it on first access
# and handing back the same instance on every later call.
#
# safe_domain? reads `domain_whitelists` from this object, so it holds the
# allow-list that redirect checks rely on. The lazy initialisation below
# takes no lock.
#
# @return [Configuration]
def configuration
  return @configuration if @configuration

  @configuration = Configuration.new
end
Class Method Details
.configure {|configuration| ... } ⇒ Object
# File 'lib/safe_redirect/configuration.rb', line 9

# Yields the shared configuration object to the caller's block so settings
# can be assigned on it.
#
# The block receives the same instance that `configuration` returns, so any
# change made here is visible to every later reader of that object.
#
# @yieldparam configuration [Configuration]
def configure
  settings = configuration
  yield(settings)
end
Instance Method Details
#redirect_to(path, options = {}) ⇒ Object
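# File 'lib/safe_redirect/safe_redirect.rb', line 40

# Wraps the inherited redirect_to so the target is passed through safe_path
# first, unless the caller opts out.
#
# The `options` identifier is restored here from the documented signature
# `redirect_to(path, options = {})`. In the listing as rendered it was
# missing, which left `[:safe]` as a bare array literal that is always
# truthy, so safe_path would never run.
#
# @param path [Object] redirect target; safe_path is applied to it
# @param options [Hash] forwarded to super; a truthy `:safe` entry skips
#   safe_path completely
# @return [Object, nil] whatever super returns, or nil when NoMethodError
#   was rescued
def redirect_to(path, options = {})
  # `:safe` is an explicit bypass of the open-redirect check. It must come
  # from trusted code only and never be derived from request data.
  target = options[:safe] ? path : safe_path(path)

  # `path` can be caller-supplied and is interpolated as-is. `log` is defined
  # elsewhere; NOTE(review): confirm it neutralises line breaks before writing.
  log("Unsafe redirect path modified to #{target} from #{path}", :warn) if target != path

  super target, options
rescue NoMethodError
  # NOTE(review): this rescue covers the whole method body. It swallows a
  # missing `super`, but also any NoMethodError raised by safe_path, log or
  # the inherited redirect_to. In that case no redirect is issued and the
  # failure is silent. Presumably it exists for contexts with no superclass
  # redirect_to; confirm and narrow it if possible.
end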
#safe_domain?(uri) ⇒ Boolean
# File 'lib/safe_redirect/safe_redirect.rb', line 4

# Decides whether the host of +uri+ is acceptable as a redirect target.
#
# Order of checks:
# 1. `valid_uri?(uri)` returning true accepts the URI immediately, without
#    consulting the allow-list. That helper is defined elsewhere, so the
#    strength of this method depends on what it accepts.
#    NOTE(review): confirm it only passes host-less, same-site paths.
# 2. A URI with no host is rejected.
# 3. Otherwise the host must match one entry of
#    `SafeRedirect.configuration.domain_whitelists`.
#
# Allow-list entry semantics, as implemented below:
# - An entry without `*` must equal the host exactly (case-sensitive `==`).
# - Each `*` stands for a single label made of letters, digits and hyphens.
#   The character class contains no dot, so one `*` cannot span several
#   labels. All other characters are regex-escaped, and the pattern is
#   anchored with \A and \z.
# - An entry of the form `*.example.org` (leading `*.`, no other wildcard)
#   also accepts the bare domain `example.org`.
#
# NOTE(review): the literal parts are compared case-sensitively while the
# wildcard label accepts both cases. A host written in upper case is
# therefore rejected for a lower-case entry, which fails closed.
#
# @param uri [#host] parsed URI of the redirect target
# @return [Boolean]
def safe_domain?(uri)
  return true if valid_uri?(uri)

  host = uri.host
  return false if host.nil?

  single_label = "[A-Za-z0-9][A-Za-z0-9\\-]*[A-Za-z0-9]?"

  SafeRedirect.configuration.domain_whitelists.any? do |domain|
    # Plain entry: exact host comparison only.
    next host == domain unless domain.include?("*")

    # Splitting on a captured "*" keeps the wildcards as separate pieces,
    # so each becomes the label pattern and everything else is escaped.
    pattern = domain.split(/(\*)/).map { |piece| piece == "*" ? single_label : Regexp.escape(piece) }.join
    matched = host.match(Regexp.new("\\A#{pattern}\\z"))

    if domain =~ /\A\*\.[^\*]+\z/
      # `*.foo.org` style entry: the naked domain foo.org is allowed too.
      matched || host == domain.gsub("*.", "")
    else
      matched
    end
  end
end
#safe_path(path) ⇒ Object
# File 'lib/safe_redirect/safe_redirect.rb', line 29

# Produces the redirect target that is considered safe for +path+.
#
# - String targets are passed to `clean_path`.
# - Hash targets are passed to `sanitize_hash`.
# - Any other object is returned unchanged, so this method does not check it.
#   NOTE(review): the page does not show which other types callers pass.
#   Confirm that none of them can carry a caller-controlled host.
#
# Both helpers are defined elsewhere in the module.
#
# @param path [String, Hash, Object]
# @return [Object] the cleaned target, or +path+ itself for other types
def safe_path(path)
  # Module#=== is the same class test that `case ... when String` performs.
  if String === path
    clean_path(path)
  elsif Hash === path
    sanitize_hash(path)
  else
    path
  end
end