Handle invalid URIs. Closes #78

tobmatth · Apr 13, 2015 · 6e94dec · 6e94dec
1 parent 31d5005
commit 6e94dec
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 0 deletions.
diff --git a/lib/rack/ssl-enforcer.rb b/lib/rack/ssl-enforcer.rb
@@ -92,6 +92,8 @@ def modify_location_and_redirect
       location = replace_scheme(location, @scheme)
       location = replace_host(location, @options[:redirect_to])
       redirect_to(location)
+    rescue URI::InvalidURIError
+      [400, { 'Content-Type' => 'text/plain'}, []]
     end
 
     def redirect_to(location)

diff --git a/test/rack-ssl-enforcer_test.rb b/test/rack-ssl-enforcer_test.rb
@@ -1061,4 +1061,12 @@ def self.startup
       assert_equal last_response.body, '<html><body>Hello!</body></html>'
     end
   end
+
+  context 'invalid urls' do
+    should 'return HTTP 400 for invalid URIs' do
+      response    = Rack::SslEnforcer.new(nil).call('PATH_INFO' => 'http://www.example.org/<lan')
+      status_code = response.first
+      assert_equal status_code, 400
+    end
+  end
 end