open-uri https redirect fix in ruby

MIME-Version: 1.0
Received: by 10.52.73.106 with HTTP; Mon, 30 Jan 2012 07:18:51 -0800 (PST)
Date: Mon, 30 Jan 2012 16:18:51 +0100
Delivered-To: azet@azet.org
Message-ID: <CAN8NK9HxUcLK2CK8zeWniUYkejcWraORxy-D+jc1kZtYZWbsnA@mail.gmail.com>
Subject: bugfix in open-uri redirects (ruby)
From: Aaron Zauner <azet@azet.org>
To: Tanaka Akira <akr@m17n.org>
Content-Type: text/plain; charset=ISO-8859-1
 
hi,
 
open-uri raises an exception if an http/s redirect refers to https.
 
quickfix:
--code--
# load open-uri first so the OpenURI module exists to be patched
require 'open-uri'

# this is taken from the original ruby open-uri class,
# fixed this to support secure socket http redirects:
def OpenURI.redirectable?(uri1, uri2) # :nodoc:
  # This test is intended to forbid a redirection from http://... to
  # file:///etc/passwd.
  # However this is ad hoc. It should be extensible/configurable.
  uri1.scheme.downcase == uri2.scheme.downcase ||
    (/\A(?:http|ftp|https)\z/i =~ uri1.scheme &&
     /\A(?:http|ftp|https)\z/i =~ uri2.scheme)
end
--code--
 
(just added https to the regex. check)
 
so long,
azet
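
The rule in the email accepts any pair among http, ftp and https, so it also lets an https origin redirect to plain http or ftp, and its same-scheme clause accepts file to file. As an added example (not code from the email or from open-uri), the sketch below compares that rule with a stricter policy that follows only same-scheme hops among http/https/ftp and http to https upgrades; `RedirectPolicy`, its method names and the sample URLs are constructed for illustration.

```ruby
require 'uri'

# Hypothetical helper, not part of open-uri.
module RedirectPolicy
  FOLLOWABLE = %w[http https ftp].freeze
  LOOSE = /\A(?:http|ftp|https)\z/i

  # The email's rule, restated for comparison (absolute URIs only).
  def self.permissive?(from, to)
    a = URI(from).scheme
    b = URI(to).scheme
    a.downcase == b.downcase || (LOOSE.match?(a) && LOOSE.match?(b))
  end

  # Stricter rule: returns [allowed, reason].
  def self.check(from, to)
    a = URI(from).scheme.to_s.downcase
    b = URI(to).scheme.to_s.downcase
    return [false, 'target has no scheme'] if b.empty?
    return [true, 'same scheme'] if a == b && FOLLOWABLE.include?(a)
    return [true, 'upgrade to TLS'] if a == 'http' && b == 'https'
    return [false, 'TLS downgrade'] if a == 'https' && b == 'http'
    [false, "#{a} -> #{b} not allowed"]
  end

  def self.allowed?(from, to)
    check(from, to).first
  end
end

# Constructed sample redirects (origin, Location target).
SAMPLES = [
  ['http://example.test/a',  'https://example.test/a'],
  ['https://example.test/a', 'http://example.test/a'],
  ['https://example.test/a', 'ftp://example.test/a'],
  ['http://example.test/a',  'file:///etc/passwd'],
  ['file:///tmp/a',          'file:///etc/passwd']
].freeze

# Evaluate both rules over the samples and return one row per redirect.
def compare(samples = SAMPLES)
  samples.map do |from, to|
    { from: from, to: to,
      permissive: RedirectPolicy.permissive?(from, to),
      strict: RedirectPolicy.check(from, to) }
  end
end

compare.each { |r| puts format('%-24s -> %-24s permissive=%-5s strict=%s', r[:from], r[:to], r[:permissive], r[:strict].inspect) }
```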