Project

General

Profile

Actions

Bug #5950

closed

open-uri: https redirect fix

Added by azet (Aaron Zauner) almost 13 years ago. Updated about 7 years ago.

Status:
Closed
Target version:
-
ruby -v:
ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux]
[ruby-core:42268]

Description

open-uri raises an exception if a http/s redirect refers to https.

original mail to the maintainer with a quickfix: https://gist.github.com/1704932

--snip--

this is taken from the original ruby open-uri class,

fixed this to support secure socket http redirects:

def OpenURI.redirectable?(uri1, uri2) # :nodoc:
# This test is intended to forbid a redirection from http://... to
# file:///etc/passwd.
# However this is ad hoc. It should be extensible/configurable.
uri1.scheme.downcase == uri2.scheme.downcase ||
(/\A(?:http|ftp|https)\z/i =~ uri1.scheme && /\A(?:http|ftp|https)\z/i =~
uri2.scheme)
end
--snip--

Actions

Also available in: Atom PDF

Like0
Like0Like0Like0Like0Like0