Ruby Issue Tracking System: Issueshttps://redmine.ruby-lang.org/https://redmine.ruby-lang.org/favicon.ico?17113305112012-01-31T00:33:19ZRuby Issue Tracking System
Redmine Ruby master - Bug #5950 (Closed): open-uri: https redirect fix https://redmine.ruby-lang.org/issues/59502012-01-31T00:33:19Zazet (Aaron Zauner)azet@azet.org
<p>open-uri raises an exception if a http/s redirect refers to https.</p>
<p>original mail to the maintainer with a quickfix: <a href="https://gist.github.com/1704932" class="external">https://gist.github.com/1704932</a></p>
<p>--snip--</p>
<a name="this-is-taken-from-the-original-ruby-open-uri-class"></a>
<h1 >this is taken from the original ruby open-uri class,<a href="#this-is-taken-from-the-original-ruby-open-uri-class" class="wiki-anchor">¶</a></h1>
<a name="fixed-this-to-support-secure-socket-http-redirects"></a>
<h1 >fixed this to support secure socket http redirects:<a href="#fixed-this-to-support-secure-socket-http-redirects" class="wiki-anchor">¶</a></h1>
<p>def OpenURI.redirectable?(uri1, uri2) # :nodoc:<br>
# This test is intended to forbid a redirection from http://... to<br>
# file:///etc/passwd.<br>
# However this is ad hoc. It should be extensible/configurable.<br>
uri1.scheme.downcase == uri2.scheme.downcase ||<br>
(/\A(?:http|ftp|https)\z/i =~ uri1.scheme && /\A(?:http|ftp|https)\z/i =~<br>
uri2.scheme)<br>
end<br>
--snip--</p>