FIX: Run the regular expression against query parameters

This commit is contained in:
Robin Ward 2016-08-26 12:47:21 -04:00
parent 39de27a4b2
commit 20241a01e9
2 changed files with 11 additions and 3 deletions

View file

@ -24,9 +24,13 @@ class EmbeddableHost < ActiveRecord::Base
uri = URI(url) rescue nil uri = URI(url) rescue nil
return false unless uri.present? return false unless uri.present?
path = uri.path
path << "?" << uri.query if uri.query.present?
host = record_for_url(uri) host = record_for_url(uri)
return host.present? && return host.present? &&
(host.path_whitelist.blank? || !Regexp.new(host.path_whitelist).match(uri.path).nil?) (host.path_whitelist.blank? || !Regexp.new(host.path_whitelist).match(path).nil?)
end end
private private

View file

@ -66,13 +66,17 @@ describe EmbeddableHost do
end end
describe "path_whitelist" do describe "path_whitelist" do
let!(:host) { Fabricate(:embeddable_host, path_whitelist: '^/fp/\d{4}/\d{2}/\d{2}/.*$') }
it "matches the path" do it "matches the path" do
Fabricate(:embeddable_host, path_whitelist: '^/fp/\d{4}/\d{2}/\d{2}/.*$')
expect(EmbeddableHost.url_allowed?('http://eviltrout.com')).to eq(false) expect(EmbeddableHost.url_allowed?('http://eviltrout.com')).to eq(false)
expect(EmbeddableHost.url_allowed?('http://eviltrout.com/fp/2016/08/25/test-page')).to eq(true) expect(EmbeddableHost.url_allowed?('http://eviltrout.com/fp/2016/08/25/test-page')).to eq(true)
end end
it "respects query parameters" do
Fabricate(:embeddable_host, path_whitelist: '^/fp$')
expect(EmbeddableHost.url_allowed?('http://eviltrout.com/fp?test=1')).to eq(false)
expect(EmbeddableHost.url_allowed?('http://eviltrout.com/fp')).to eq(true)
end
end end
end end