Use the '\A' and '\z' regex anchors in `InternalRedirect` to mitigate an Open Redirect issue.

Fixes https://dev.gitlab.org/gitlab/gitlabhq/issues/2934 and https://gitlab.com/gitlab-org/gitlab/issues/33569
author: Joern Schneeweisz <jschneeweisz@gitlab.com> 2019-10-22 15:09:57 +0300
committer: Joern Schneeweisz <jschneeweisz@gitlab.com> 2019-10-22 15:11:26 +0300
commit: 4b38003d412c6982041c5c3b204d38ed7f53e299 (patch)
tree: 99ae22cf4562ebf32ae48cf579476b0ce443893c /spec
parent: 1425a56c75beecaa289ad59587d636f8f469509e (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/spec/controllers/concerns/internal_redirect_spec.rb b/spec/controllers/concerns/internal_redirect_spec.rb
index da68c8c8697..e5e50cfd55e 100644
--- a/spec/controllers/concerns/internal_redirect_spec.rb
+++ b/spec/controllers/concerns/internal_redirect_spec.rb
@@ -19,7 +19,8 @@ describe InternalRedirect do
       [
         'Hello world',
         '//example.com/hello/world',
-        'https://example.com/hello/world'
+        'https://example.com/hello/world',
+        "not-starting-with-a-slash\n/starting/with/slash"
       ]
     end
author	Joern Schneeweisz <jschneeweisz@gitlab.com>	2019-10-22 15:09:57 +0300
committer	Joern Schneeweisz <jschneeweisz@gitlab.com>	2019-10-22 15:11:26 +0300
commit	4b38003d412c6982041c5c3b204d38ed7f53e299 (patch)
tree	99ae22cf4562ebf32ae48cf579476b0ce443893c /spec
parent	1425a56c75beecaa289ad59587d636f8f469509e (diff)