Merge pull request rails#51173 from gmcgibbon/fix_uri_parse_redirect

gmcgibbon · web-flow · commit bc7dea8c4cc8 · 2024-02-23T15:39:18.000-06:00
Handle bad URIs when filtering redirects
diff --git a/actionpack/lib/action_dispatch/http/filter_redirect.rb b/actionpack/lib/action_dispatch/http/filter_redirect.rb
@@ -42,6 +42,8 @@ def parameter_filtered_location
           end
         end
         uri.to_s
+      rescue URI::Error
+        FILTERED
       end
     end
   end
diff --git a/actionpack/test/controller/log_subscriber_test.rb b/actionpack/test/controller/log_subscriber_test.rb
@@ -36,6 +36,10 @@ def filterable_redirector_with_params
       redirect_to "http://secret.foo.bar?username=repinel&password=1234"
     end
 
+    def filterable_redirector_bad_uri
+      redirect_to " s:/invalid-string0uri"
+    end
+
     def data_sender
       send_data "cool data", filename: "file.txt"
     end
@@ -296,6 +300,16 @@ def test_filter_redirect_params_by_regexp
     assert_equal "Redirected to http://secret.foo.bar?username=repinel&password=[FILTERED]", logs[1]
   end
 
+  def test_filter_redirect_bad_uri
+    @request.env["action_dispatch.parameter_filter"] = [/pass.+/]
+
+    get :filterable_redirector_bad_uri
+    wait
+
+    assert_equal 3, logs.size
+    assert_equal "Redirected to [FILTERED]", logs[1]
+  end
+
   def test_send_data
     get :data_sender
     wait
