soundsoftware-site: app/controllers/application

Fix some merge/runtime problems

author	Chris Cannam <chris.cannam@soundsoftware.ac.uk>
date	Tue, 09 Sep 2014 14:27:58 +0100
parents	a1bdbf8a87d5
children

comparison

equal deleted inserted replaced

-:a1bdbf8a87d5
+:2354ddf5a483
 end
 def redirect_back_or_default(default, options={})
 back_url = params[:back_url].to_s
 if back_url.present? && valid_back_url?(back_url)
+begin
+uri = URI.parse(back_url)
+# do not redirect user to another host or to the login or register page
+if (uri.relative? || (uri.host == request.host)) && !uri.path.match(%r{/(login|account/register)})
 # soundsoftware: if back_url is the home page,
 # change it to My Page (#125)
 if (uri.path == home_path)
 if (uri.path =~ /\/$/)
 uri.path = uri.path + "my"
 # switch back_url to https to ensure cookie validity (#83)
 if (uri.scheme == "http") && (URI.parse(request.url).scheme == "https")
 uri.scheme = "https"
 end
 back_url = uri.to_s
 redirect_to(back_url)
 return
+end
+rescue URI::InvalidURIError
+logger.warn("Could not redirect to invalid URL #{back_url}")
+# redirect to default
+end
 elsif options[:referer]
 redirect_to_referer_or default
 return
 end
 redirect_to default

Mercurial > hg > soundsoftware-site