IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-25 18:55:32 -06:00
Code Issues Packages Projects Releases Wiki Activity

extract url escaping to a dedicated class method and improved tests

Browse Source
This commit is contained in:
Arpit Jalan
2017-07-29 22:12:04 +05:30
parent 1fe553873c
commit b059a0f789
2 changed files with 16 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
lib/final_destination.rb
View File

@@ -10,9 +10,10 @@ class FinalDestination
attr_reader :cookie
def initialize(url, opts = nil)
@url = url
@uri =
begin
URI(URI.escape(CGI.unescapeHTML(url), Regexp.new("[^#{URI::PATTERN::UNRESERVED}#{URI::PATTERN::RESERVED}#]"))) if url
URI(escape_url) if @url
rescue URI::InvalidURIError
end
@@ -176,6 +177,10 @@ class FinalDestination
false
end
def escape_url
URI.escape(CGI.unescapeHTML(@url), Regexp.new("[^#{URI::PATTERN::UNRESERVED}#{URI::PATTERN::RESERVED}#]"))
end
def private_ranges
FinalDestination.standard_private_ranges +
SiteSetting.blacklist_ip_blocks.split('|').map { |r| IPAddr.new(r) rescue nil }.compact