Security: Response Splitting

Apply a patch to close the Response Splitting vulnerability in Rails. See http://weblog.rubyonrails.org/2008/10/19/response-splitting-risk
2008-10-20 14:22:17 -05:00 · 2008-10-20 14:22:17 -05:00 · 8d1d8a5693
parent 2fb41f12ce
commit 8d1d8a5693
1 changed files with 2 additions and 2 deletions
--- a/vendor/rails/actionpack/lib/action_controller/response.rb
+++ b/vendor/rails/actionpack/lib/action_controller/response.rb
@ -30,9 +30,9 @@ module ActionController

    def redirect(to_url, response_status)
      self.headers["Status"] = response_status
-      self.headers["Location"] = to_url
+      self.headers["Location"] = to_url.gsub(/[\r\n]/, '')

-      self.body = "<html><body>You are being <a href=\"#{to_url}\">redirected</a>.</body></html>"
+      self.body = "<html><body>You are being <a href=\"#{CGI.escapeHTML(to_url)}\">redirected</a>.</body></html>"
    end

    def prepare!