From 35814b3a3f161a96ada0db3675b41103eb61c510 Mon Sep 17 00:00:00 2001
From: knu <knu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Mon, 9 Feb 2009 03:15:54 +0000
Subject:  r22143@crimson:  knu | 2009-02-08 22:30:20 +0900  (:redirect) new
 option to disable redirection. (r13788)  (OpenURI::HTTPRedirect): new
 exception class for  redirection. (r13788)

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@22154 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ChangeLog       |  3 +++
 lib/open-uri.rb | 24 ++++++++++++++++++++++++
 2 files changed, 27 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 991ea2d049..a24c27e69a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -11,6 +11,9 @@ Sun Feb  8 21:39:06 2009  Akinori MUSHA  <knu@iDaemons.org>
 	  (:ftp_active_mode) new option. (r13307)
 	  (URI::FTP.buffer_open) turn ftp passive mode on if
 	  :ftp_active_mode => false is given.
+	  (:redirect) new option to disable redirection. (r13788)
+	  (OpenURI::HTTPRedirect): new exception class for
+	  redirection. (r13788)
 
 Mon Feb  9 01:21:16 2009  Tanaka Akira  <akr@fsij.org>
 
diff --git a/lib/open-uri.rb b/lib/open-uri.rb
index 3995e305a1..70b4e8826a 100644
--- a/lib/open-uri.rb
+++ b/lib/open-uri.rb
@@ -99,6 +99,7 @@ module OpenURI
     :ssl_ca_cert => nil,
     :ssl_verify_mode => nil,
     :ftp_active_mode => true,
+    :redirect => true,
   }
 
   def OpenURI.check_options(options) # :nodoc:
@@ -199,6 +200,9 @@ module OpenURI
           # URI.  It is converted to absolute URI using uri as a base URI.
           redirect = uri + redirect
         end
+        if !options.fetch(:redirect, true)
+          raise HTTPRedirect.new(buf.io.status.join(' '), buf.io, redirect)
+        end
         unless OpenURI.redirectable?(uri, redirect)
           raise "redirection forbidden: #{uri} -> #{redirect}"
         end
@@ -222,6 +226,9 @@ module OpenURI
   def OpenURI.redirectable?(uri1, uri2) # :nodoc:
     # This test is intended to forbid a redirection from http://... to
     # file:///etc/passwd.
+    # https to http redirect is also forbidden intentionally.
+    # It avoids sending secure cookie or referer by non-secure HTTP protocol.
+    # (RFC 2109 4.3.1, RFC 2965 3.3, RFC 2616 15.1.3)
     # However this is ad hoc.  It should be extensible/configurable.
     uri1.scheme.downcase == uri2.scheme.downcase ||
     (/\A(?:http|ftp)\z/i =~ uri1.scheme && /\A(?:http|ftp)\z/i =~ uri2.scheme)
@@ -334,6 +341,14 @@ module OpenURI
     attr_reader :io
   end
 
+  class HTTPRedirect < HTTPError
+    def initialize(message, io, uri)
+      super(message, io)
+      @uri = uri
+    end
+    attr_reader :uri
+  end
+
   class Buffer # :nodoc:
     def initialize
       @io = StringIO.new
@@ -606,6 +621,15 @@ module OpenURI
     # Note that the active mode is default in Ruby 1.8 or prior.
     # Ruby 1.9 uses passive mode by default.
     #
+    # [:redirect]
+    #  Synopsis:
+    #    :redirect=>bool
+    #
+    # :redirect=>false is used to disable HTTP redirects at all.
+    # OpenURI::HTTPRedirect exception raised on redirection.
+    # It is true by default.
+    # The true means redirectoins between http and ftp is permitted.
+    #
     def open(*rest, &block)
       OpenURI.open_uri(self, *rest, &block)
     end
-- 
cgit v1.2.3