From 6e698315d68e0319d95571908dc28a656f1ab0d9 Mon Sep 17 00:00:00 2001
From: riking <rikingcoding@gmail.com>
Date: Sat, 14 Jun 2014 10:51:06 -0700
Subject: [PATCH] Allow all /my URLs
Previously, URLs like /my/activity/posts were denied. This change allows those URLs.
---
app/controllers/users_controller.rb | 2 +-
config/routes.rb | 2 +-
spec/controllers/users_controller_spec.rb | 5 +++++
3 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 9f9c907b9..1f659c622 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -81,7 +81,7 @@ class UsersController < ApplicationController
end
def my_redirect
- if current_user.present? && params[:path] =~ /^[a-z\-]+$/
+ if current_user.present? && params[:path] =~ /^[a-z\-\/]+$/
redirect_to "/users/#{current_user.username}/#{params[:path]}"
return
end
diff --git a/config/routes.rb b/config/routes.rb
index 81c8163b1..b26263e8b 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -185,7 +185,7 @@ Discourse::Application.routes.draw do
get "users/activate-account/:token" => "users#activate_account"
get "users/authorize-email/:token" => "users#authorize_email"
get "users/hp" => "users#get_honeypot_value"
- get "my/:path", to: 'users#my_redirect'
+ get "my/*path", to: 'users#my_redirect'
get "user_preferences" => "users#user_preferences_redirect"
get "users/:username/private-messages" => "user_actions#private_messages", constraints: {username: USERNAME_ROUTE_FORMAT}
diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb
index d1ea2af32..b4e1e5e06 100644
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@@ -1330,6 +1330,11 @@ describe UsersController do
get :my_redirect, path: "preferences"
response.should be_redirect
end
+
+ it "permits forward slashes" do
+ get :my_redirect, path: "activity/posts"
+ response.should be_redirect
+ end
end
end