URI encode before passing to URI object to deal with pathological URIs

tobmatth · Mar 6, 2014 · c39a72b · c39a72b
1 parent 2c9daa7
commit c39a72b
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/lib/rack/ssl-enforcer.rb b/lib/rack/ssl-enforcer.rb
@@ -109,7 +109,7 @@ def ssl_request?
 
     def destination_host
       if @options[:redirect_to]
-        host_parts = URI.split(@options[:redirect_to])
+        host_parts = URI.split(URI.encode(@options[:redirect_to]))
         host_parts[2] || host_parts[5]
       end
     end
@@ -153,7 +153,7 @@ def replace_scheme(uri, scheme)
       return uri if not scheme_mismatch?
 
       port = adjust_port_to(scheme)
-      uri_parts = URI.split(uri)
+      uri_parts = URI.split(URI.encode(uri))
       uri_parts[3] = port unless port.nil?
       uri_parts[0] = scheme
       URI::HTTP.new(*uri_parts).to_s
@@ -162,9 +162,9 @@ def replace_scheme(uri, scheme)
     def replace_host(uri, host)
       return uri unless host_mismatch?
 
-      host_parts = URI.split(host)
+      host_parts = URI.split(URI.encode(host))
       new_host = host_parts[2] || host_parts[5]
-      uri_parts = URI.split(uri)
+      uri_parts = URI.split(URI.encode(uri))
       uri_parts[2] = new_host
       URI::HTTPS.new(*uri_parts).to_s
     end