IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-25 18:55:32 -06:00
Code Issues Packages Projects Releases Wiki Activity

FIX: Unescape URI properly when redirecting to a category

Browse Source 
Currently, when a badly named category slug is provided, it can lead to
an infinite redirect.

This patch addresses the issue by properly unescaping `request.fullpath`
so the path is successfully rewritten and the redirect happens as
expected.
This commit is contained in:
Loïc Guitaut
2024-08-07 11:58:40 +02:00
committed by Loïc Guitaut
parent 75d11bfeba
commit e494bafed3
2 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
spec/requests/list_controller_spec.rb
View File

@@ -1239,6 +1239,14 @@ RSpec.describe ListController do
expect(response).to have_http_status :not_found
end
end
context "when provided slug is gibberish" do
it "redirects to the proper category" do
get "/c/summit'%22()&%25%3Czzz%3E%3CScRiPt%20%3EqlJ2(9585)%3C%2FScRiPt%3E/#{category.id}"
expect(response).to have_http_status :moved_permanently
expect(response).to redirect_to("/c/#{category.slug}/#{category.id}")
end
end
end
describe "shared drafts" do