ruby-changes:2297
From: ko1@a...
Date: 28 Oct 2007 21:56:29 +0900
Subject: [ruby-changes:2297] akr - Ruby:r13788 (trunk): * lib/open-uri.rb: :redirect option implemented to disable redirects.
akr 2007-10-28 21:55:51 +0900 (Sun, 28 Oct 2007)
New Revision: 13788
Modified files:
trunk/ChangeLog
trunk/lib/open-uri.rb
Log:
* lib/open-uri.rb: :redirect option implemented to disable redirects.
(OpenURI::HTTPRedirect): new exception class for redirection.
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/ChangeLog?r1=13788&r2=13787
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/lib/open-uri.rb?r1=13788&r2=13787
Index: ChangeLog
===================================================================
--- ChangeLog (revision 13787)
+++ ChangeLog (revision 13788)
@@ -1,3 +1,8 @@
+Sun Oct 28 21:50:02 2007 Tanaka Akira <akr@f...>
+
+ * lib/open-uri.rb: :redirect option implemented to disable redirects.
+ (OpenURI::HTTPRedirect): new exception class for redirection.
+
Fri Oct 26 17:38:13 2007 Nobuyoshi Nakada <nobu@r...>
* numeric.c (int_chr): take an optional encoding parameter.
Index: lib/open-uri.rb
===================================================================
--- lib/open-uri.rb (revision 13787)
+++ lib/open-uri.rb (revision 13788)
@@ -99,6 +99,7 @@
:ssl_ca_cert => nil,
:ssl_verify_mode => nil,
:ftp_active_mode => false,
+ :redirect => true,
}
def OpenURI.check_options(options) # :nodoc:
@@ -199,6 +200,9 @@
# URI. It is converted to absolute URI using uri as a base URI.
redirect = uri + redirect
end
+ if !options.fetch(:redirect, true)
+ raise HTTPRedirect.new(buf.io.status.join(' '), buf.io, redirect)
+ end
unless OpenURI.redirectable?(uri, redirect)
raise "redirection forbidden: #{uri} -> #{redirect}"
end
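Review bot: With `:redirect => false`, the new `raise HTTPRedirect.new(...)` fires before `OpenURI.redirectable?(uri, redirect)` runs, so the `uri` carried by the exception is the server-supplied Location target with no scheme check applied. A caller that rescues `HTTPRedirect` and re-opens `e.uri` itself would skip the restriction that the automatic path enforces. If the ordering is intentional, to let callers see every redirect, say so above the raise, for example `# redirect is NOT checked by redirectable? here; callers that follow e.uri must validate it themselves`. The `HTTPRedirect` class added in the later hunk has no comment on `uri` and should carry the same warning. The enclosing method starts and ends outside this hunk.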
@@ -222,6 +226,9 @@
def OpenURI.redirectable?(uri1, uri2) # :nodoc:
# This test is intended to forbid a redirection from http://... to
# file:///etc/passwd.
+ # https to http redirect is also forbidden intentionally.
+ # It avoids sending secure cookie or referer by non-secure HTTP protocol.
+ # (RFC 2109 4.3.1, RFC 2965 3.3, RFC 2616 15.1.3)
# However this is ad hoc. It should be extensible/configurable.
uri1.scheme.downcase == uri2.scheme.downcase ||
(/\A(?:http|ftp)\z/i =~ uri1.scheme && /\A(?:http|ftp)\z/i =~ uri2.scheme)
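Review bot: The added comment documents only the https to http case, but the expression below it rejects http to https as well, because a `uri2.scheme` of "https" does not match `/\A(?:http|ftp)\z/i` and the schemes differ. The cookie/referer rationale quoted from the RFCs does not obviously cover that direction, so a reader cannot tell whether blocking the upgrade is deliberate. I would add one line such as `# http to https is rejected by the same test; only same-scheme and http<->ftp redirects pass.` The method's closing `end` is outside the hunk.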
@@ -334,6 +341,14 @@
attr_reader :io
end
+ class HTTPRedirect < HTTPError
+ def initialize(message, io, uri)
+ super(message, io)
+ @uri = uri
+ end
+ attr_reader :uri
+ end
+
class Buffer # :nodoc:
def initialize
@io = StringIO.new
@@ -606,6 +621,15 @@
# Note that the active mode is default in Ruby 1.8 or prior.
# Ruby 1.9 uses passive mode by default.
#
+ # [:redirect]
+ # Synopsis:
+ # :redirect=>bool
+ #
+ # :redirect=>false is used to disable HTTP redirects at all.
+ # OpenURI::HTTPRedirect exception raised on redirection.
+ # It is true by default.
+ # The true means redirectoins between http and ftp is permitted.
+ #
def open(*rest, &block)
OpenURI.open_uri(self, *rest, &block)
end
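Review bot: The new `:redirect` rdoc has a typo ("redirectoins"), and its last sentence reads as if `true` allows only http/ftp redirects, when it means that automatic following stays subject to the existing scheme rules. Suggested wording: `# :redirect=>true (the default) follows redirects, subject to the scheme check in OpenURI.redirectable? (same scheme, or between http and ftp).` The entry should also mention that the raised `OpenURI::HTTPRedirect` exposes the target through `uri`. That value comes from the server's response and, as far as the raise hunk shows, has not been through `redirectable?`, so callers should validate it before following it.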