Module: InternalRedirect

Extended by:

ActiveSupport::Concern

Included in:

Admin::ApplicationSettingsController, Admin::PlanLimitsController, Admin::SessionsController, ContinueParams, OmniauthCallbacksController, Projects::Settings::IntegrationsController, SessionsController, Users::TermsController, UsersController

Defined in:

app/controllers/concerns/internal_redirect.rb

Instance Method Summary

• #full_path_for_uri(uri) ⇒ Object
• #host_allowed?(uri) ⇒ Boolean
• #referer_path(request) ⇒ Object
• #safe_redirect_path(path) ⇒ Object
• #safe_redirect_path_for_url(url) ⇒ Object
• #sanitize_redirect(url_or_path) ⇒ Object

Instance Method Details

#full_path_for_uri(uri) ⇒ Object

# File 'app/controllers/concerns/internal_redirect.rb', line 37

def full_path_for_uri(uri)
  path_with_query = [uri.path, uri.query].compact.join('?')
  [path_with_query, uri.fragment].compact.join("#")
end

#host_allowed?(uri) ⇒ Boolean

Returns:

• (Boolean)

# File 'app/controllers/concerns/internal_redirect.rb', line 32

def host_allowed?(uri)
  uri.host == request.host &&
    uri.port == request.port
end

#referer_path(request) ⇒ Object

# File 'app/controllers/concerns/internal_redirect.rb', line 42

def referer_path(request)
  return unless request.referer.presence

  URI(request.referer).path
end

#safe_redirect_path(path) ⇒ Object

# File 'app/controllers/concerns/internal_redirect.rb', line 6

def safe_redirect_path(path)
  return unless path
  # Verify that the string starts with a `/` and a known route character.
  return unless %r{\A/[-\w].*\z}.match?(path)

  uri = URI(path)
  # Ignore anything path of the redirect except for the path, querystring and,
  # fragment, forcing the redirect within the same host.
  full_path_for_uri(uri)
rescue URI::InvalidURIError
  nil
end

#safe_redirect_path_for_url(url) ⇒ Object

# File 'app/controllers/concerns/internal_redirect.rb', line 19

def safe_redirect_path_for_url(url)
  return unless url

  uri = URI(url)
  safe_redirect_path(full_path_for_uri(uri)) if host_allowed?(uri)
rescue URI::InvalidURIError
  nil
end

#sanitize_redirect(url_or_path) ⇒ Object

# File 'app/controllers/concerns/internal_redirect.rb', line 28

def sanitize_redirect(url_or_path)
  safe_redirect_path(url_or_path) || safe_redirect_path_for_url(url_or_path)
end