Skip to content

@azet /open-uri redirectable
Created

Embed URL

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
open-uri https redirect fix in ruby
MIME-Version: 1.0
Received: by 10.52.73.106 with HTTP; Mon, 30 Jan 2012 07:18:51 -0800 (PST)
Date: Mon, 30 Jan 2012 16:18:51 +0100
Delivered-To: azet@azet.org
Message-ID: <CAN8NK9HxUcLK2CK8zeWniUYkejcWraORxy-D+jc1kZtYZWbsnA@mail.gmail.com>
Subject: bugfix in open-uri redirects (ruby)
From: Aaron Zauner <azet@azet.org>
To: Tanaka Akira <akr@m17n.org>
Content-Type: text/plain; charset=ISO-8859-1
hi,
open-uri raises an exception if an http/s redirect refers to https.
quickfix:
--code--
# this is taken from the original ruby open-uri class,
# fixed this to support secure socket http redirects:
def OpenURI.redirectable?(uri1, uri2) # :nodoc:
# This test is intended to forbid a redirection from http://... to
# file:///etc/passwd.
# However this is ad hoc. It should be extensible/configurable.
uri1.scheme.downcase == uri2.scheme.downcase ||
(/\A(?:http|ftp|https)\z/i =~ uri1.scheme && /\A(?:http|ftp|https)\z/i =~
uri2.scheme)
end
--code--
(just added https to the regex. check)
so long,
azet
MIME-Version: 1.0
Received: by 10.52.73.106 with HTTP; Mon, 30 Jan 2012 07:18:51 -0800 (PST)
Date: Mon, 30 Jan 2012 16:18:51 +0100
Delivered-To: azet@azet.org
Message-ID: <CAN8NK9HxUcLK2CK8zeWniUYkejcWraORxy-D+jc1kZtYZWbsnA@mail.gmail.com>
Subject: bugfix in open-uri redirects (ruby)
From: Aaron Zauner <azet@azet.org>
To: Tanaka Akira <akr@m17n.org>
Content-Type: text/plain; charset=ISO-8859-1
hi,
open-uri raises an exception if an http/s redirect refers to https.
quickfix:
--code--
# this is taken from the original ruby open-uri class,
# fixed this to support secure socket http redirects:
def OpenURI.redirectable?(uri1, uri2) # :nodoc:
# This test is intended to forbid a redirection from http://... to
# file:///etc/passwd.
# However this is ad hoc. It should be extensible/configurable.
uri1.scheme.downcase == uri2.scheme.downcase ||
(/\A(?:http|ftp|https)\z/i =~ uri1.scheme && /\A(?:http|ftp|https)\z/i =~
uri2.scheme)
end
--code--
(just added https to the regex. check)
so long,
azet
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.