Skip to content

Commit

Permalink
Fix URI encoding in StaticFileHandler#redirect_to (crystal-lang#5628)
Browse files Browse the repository at this point in the history
  • Loading branch information
@straight-shoota @chris-huxtable
straight-shoota authored and chris-huxtable committed Apr 6, 2018
1 parent 3bd45da commit bae8b42
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 1 deletion.
9 changes: 9 additions & 0 deletions spec/std/http/server/handlers/static_file_handler_spec.cr
View file
Original file line number Diff line number Diff line change
Expand Up @@ -124,4 +124,13 @@ describe HTTP::StaticFileHandler do
response.status_code.should eq(400)
end
end

it "handles invalid redirect path" do
response = handle HTTP::Request.new("GET", "test.txt%0A")
response.status_code.should eq(302)
response.headers["Location"].should eq "/test.txt%0A"

response = handle HTTP::Request.new("GET", "/test.txt%0A")
response.status_code.should eq(404)
end
end
2 changes: 1 addition & 1 deletion src/http/server/handlers/static_file_handler.cr
View file
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,7 @@ class HTTP::StaticFileHandler
private def redirect_to(context, url)
context.response.status_code = 302

url = URI.escape(url) { |b| URI.unreserved?(b) || b != '/' }
url = URI.escape(url) { |byte| URI.unreserved?(byte) || byte.chr == '/' }
context.response.headers.add "Location", url
end

Expand Down

0 comments on commit bae8b42

Please sign in to comment.