Create a gist now

Instantly share code, notes, and snippets.

open-uri https redirect fix in ruby
MIME-Version: 1.0
Received: by 10.52.73.106 with HTTP; Mon, 30 Jan 2012 07:18:51 -0800 (PST)
Date: Mon, 30 Jan 2012 16:18:51 +0100
Delivered-To: azet@azet.org
Message-ID: <CAN8NK9HxUcLK2CK8zeWniUYkejcWraORxy-D+jc1kZtYZWbsnA@mail.gmail.com>
Subject: bugfix in open-uri redirects (ruby)
From: Aaron Zauner <azet@azet.org>
To: Tanaka Akira <akr@m17n.org>
Content-Type: text/plain; charset=ISO-8859-1
hi,
open-uri raises an exception if an http/s redirect refers to https.
quickfix:
--code--
# this is taken from the original ruby open-uri class,
# fixed this to support secure socket http redirects:
def OpenURI.redirectable?(uri1, uri2) # :nodoc:
# This test is intended to forbid a redirection from http://... to
# file:///etc/passwd.
# However this is ad hoc. It should be extensible/configurable.
uri1.scheme.downcase == uri2.scheme.downcase ||
(/\A(?:http|ftp|https)\z/i =~ uri1.scheme && /\A(?:http|ftp|https)\z/i =~
uri2.scheme)
end
--code--
(just added https to the regex. check)
so long,
azet
MIME-Version: 1.0
Received: by 10.52.73.106 with HTTP; Mon, 30 Jan 2012 07:18:51 -0800 (PST)
Date: Mon, 30 Jan 2012 16:18:51 +0100
Delivered-To: azet@azet.org
Message-ID: <CAN8NK9HxUcLK2CK8zeWniUYkejcWraORxy-D+jc1kZtYZWbsnA@mail.gmail.com>
Subject: bugfix in open-uri redirects (ruby)
From: Aaron Zauner <azet@azet.org>
To: Tanaka Akira <akr@m17n.org>
Content-Type: text/plain; charset=ISO-8859-1
hi,
open-uri raises an exception if an http/s redirect refers to https.
quickfix:
--code--
# this is taken from the original ruby open-uri class,
# fixed this to support secure socket http redirects:
def OpenURI.redirectable?(uri1, uri2) # :nodoc:
# This test is intended to forbid a redirection from http://... to
# file:///etc/passwd.
# However this is ad hoc. It should be extensible/configurable.
uri1.scheme.downcase == uri2.scheme.downcase ||
(/\A(?:http|ftp|https)\z/i =~ uri1.scheme && /\A(?:http|ftp|https)\z/i =~
uri2.scheme)
end
--code--
(just added https to the regex. check)
so long,
azet
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment