author | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-10-29 18:58:04 +0300 |
---|---|---|
committer | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-10-29 18:58:04 +0300 |
commit | 417e58fdc57523f11bb57f8aca7ff9121c3d3ee9 (patch) | |
tree | 285bf69c9bd0cbaf4efe6aaa03fa5cf93add6c2e /spec | |
parent | ca324614b5da3f1bb2fcab44cc6c483a712939b7 (diff) | |
parent | 34e4b5c549e549400c275baaba98d63421a46bff (diff) |
Merge branch 'security-open-redirect-internalredirect' into 'master'
Use the '\A' and '\z' regex anchors in `InternalRedirect` to mitigate an Open Redirect issue.
Closes #2934
See merge request gitlab/gitlabhq!3466
Diffstat (limited to 'spec')
-rw-r--r-- | spec/controllers/concerns/internal_redirect_spec.rb | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/spec/controllers/concerns/internal_redirect_spec.rb b/spec/controllers/concerns/internal_redirect_spec.rb index da68c8c8697..e5e50cfd55e 100644 --- a/spec/controllers/concerns/internal_redirect_spec.rb +++ b/spec/controllers/concerns/internal_redirect_spec.rb @@ -19,7 +19,8 @@ describe InternalRedirect do [ 'Hello world', '//example.com/hello/world', - 'https://example.com/hello/world' + 'https://example.com/hello/world', + "not-starting-with-a-slash\n/starting/with/slash" ] end |
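Review bot: The added entry in the invalid-paths array places the newline only before the slash-prefixed segment, so it exercises the start-of-string anchor but not the end-of-string anchor that the commit message also names. Consider adding a companion entry with the order reversed (a slash-prefixed path followed by "\n" and further text) so that a regression in either anchor fails this spec. The new string is also the only double-quoted literal in the list, which the "\n" escape requires; a short comment stating that the embedded newline is the point of the case would stop it from being converted to single quotes in a later style cleanup, which would silently turn the escape into a literal backslash and n.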