diff options
| author | knu <knu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2009-02-09 03:15:54 +0000 |
|---|---|---|
| committer | knu <knu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2009-02-09 03:15:54 +0000 |
| commit | 35814b3a3f161a96ada0db3675b41103eb61c510 (patch) | |
| tree | 92a2d72bcea66da24415b14e325146699d82d66f | |
| parent | 1cf094c5f2bf4cd40cac3e52df2879dc31ad94c9 (diff) | |
r22143@crimson: knu | 2009-02-08 22:30:20 +0900
(:redirect) new option to disable redirection. (r13788)
(OpenURI::HTTPRedirect): new exception class for
redirection. (r13788)
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@22154 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| -rw-r--r-- | ChangeLog | 3 | ||||
| -rw-r--r-- | lib/open-uri.rb | 24 |
2 files changed, 27 insertions, 0 deletions
@@ -11,6 +11,9 @@ Sun Feb 8 21:39:06 2009 Akinori MUSHA <knu@iDaemons.org> (:ftp_active_mode) new option. (r13307) (URI::FTP.buffer_open) turn ftp passive mode on if :ftp_active_mode => false is given. + (:redirect) new option to disable redirection. (r13788) + (OpenURI::HTTPRedirect): new exception class for + redirection. (r13788) Mon Feb 9 01:21:16 2009 Tanaka Akira <akr@fsij.org> diff --git a/lib/open-uri.rb b/lib/open-uri.rb index 3995e305a1..70b4e8826a 100644 --- a/lib/open-uri.rb +++ b/lib/open-uri.rb @@ -99,6 +99,7 @@ module OpenURI :ssl_ca_cert => nil, :ssl_verify_mode => nil, :ftp_active_mode => true, + :redirect => true, } def OpenURI.check_options(options) # :nodoc: @@ -199,6 +200,9 @@ module OpenURI # URI. It is converted to absolute URI using uri as a base URI. redirect = uri + redirect end + if !options.fetch(:redirect, true) + raise HTTPRedirect.new(buf.io.status.join(' '), buf.io, redirect) + end unless OpenURI.redirectable?(uri, redirect) raise "redirection forbidden: #{uri} -> #{redirect}" end @@ -222,6 +226,9 @@ module OpenURI def OpenURI.redirectable?(uri1, uri2) # :nodoc: # This test is intended to forbid a redirection from http://... to # file:///etc/passwd. + # https to http redirect is also forbidden intentionally. + # It avoids sending secure cookie or referer by non-secure HTTP protocol. + # (RFC 2109 4.3.1, RFC 2965 3.3, RFC 2616 15.1.3) # However this is ad hoc. It should be extensible/configurable. uri1.scheme.downcase == uri2.scheme.downcase || (/\A(?:http|ftp)\z/i =~ uri1.scheme && /\A(?:http|ftp)\z/i =~ uri2.scheme) @@ -334,6 +341,14 @@ module OpenURI attr_reader :io end + class HTTPRedirect < HTTPError + def initialize(message, io, uri) + super(message, io) + @uri = uri + end + attr_reader :uri + end + class Buffer # :nodoc: def initialize @io = StringIO.new @@ -606,6 +621,15 @@ module OpenURI # Note that the active mode is default in Ruby 1.8 or prior. # Ruby 1.9 uses passive mode by default. # + # [:redirect] + # Synopsis: + # :redirect=>bool + # + # :redirect=>false is used to disable HTTP redirects at all. + # OpenURI::HTTPRedirect exception raised on redirection. + # It is true by default. + # The true means redirectoins between http and ftp is permitted. + # def open(*rest, &block) OpenURI.open_uri(self, *rest, &block) end |