Merge branch 'security-open-redirect-internalredirect' into 'master'

Use the '\A' and '\z' regex anchors in `InternalRedirect` to mitigate an Open Redirect issue. Closes #2934 See merge request gitlab/gitlabhq!3466
author: GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2019-10-29 18:58:04 +0300
committer: GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2019-10-29 18:58:04 +0300
commit: 417e58fdc57523f11bb57f8aca7ff9121c3d3ee9 (patch)
tree: 285bf69c9bd0cbaf4efe6aaa03fa5cf93add6c2e /spec
parent: ca324614b5da3f1bb2fcab44cc6c483a712939b7 (diff)
parent: 34e4b5c549e549400c275baaba98d63421a46bff (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/spec/controllers/concerns/internal_redirect_spec.rb b/spec/controllers/concerns/internal_redirect_spec.rb
index da68c8c8697..e5e50cfd55e 100644
--- a/spec/controllers/concerns/internal_redirect_spec.rb
+++ b/spec/controllers/concerns/internal_redirect_spec.rb
@@ -19,7 +19,8 @@ describe InternalRedirect do
       [
         'Hello world',
         '//example.com/hello/world',
-        'https://example.com/hello/world'
+        'https://example.com/hello/world',
+        "not-starting-with-a-slash\n/starting/with/slash"
       ]
     end
author	GitLab Release Tools Bot <robert+release-tools@gitlab.com>	2019-10-29 18:58:04 +0300
committer	GitLab Release Tools Bot <robert+release-tools@gitlab.com>	2019-10-29 18:58:04 +0300
commit	417e58fdc57523f11bb57f8aca7ff9121c3d3ee9 (patch)
tree	285bf69c9bd0cbaf4efe6aaa03fa5cf93add6c2e /spec
parent	ca324614b5da3f1bb2fcab44cc6c483a712939b7 (diff)
parent	34e4b5c549e549400c275baaba98d63421a46bff (diff)