Handle invalid referer URLs

Rescues URI::InvalidURIError of URL(request.referer).
2026-03-01 02:03:22 +00:00 · 2015-06-05 12:43:49 +10:00
parent 552bbf221c
commit e35b39c7cf
5 changed files with 51 additions and 3 deletions
--- a/app/controllers/admin/enterprises_controller.rb
+++ b/app/controllers/admin/enterprises_controller.rb
@@ -1,3 +1,5 @@
+require 'open_food_network/referer_parser'
+
 module Admin
  class EnterprisesController < ResourceController
    before_filter :load_enterprise_set, :only => :index
@@ -199,7 +201,8 @@ module Admin

    # Overriding method on Spree's resource controller
    def location_after_save
-      refered_from_edit = URI(request.referer).path == main_app.edit_admin_enterprise_path(@enterprise)
+      referer_path = OpenFoodNetwork::RefererParser::path(request.referer)
+      refered_from_edit = referer_path == main_app.edit_admin_enterprise_path(@enterprise)
      if params[:enterprise].key?(:producer_properties_attributes) && !refered_from_edit
        main_app.admin_enterprises_path
      else
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,3 +1,5 @@
+require 'open_food_network/referer_parser'
+
 class ApplicationController < ActionController::Base
  protect_from_forgery

@@ -9,7 +11,8 @@ class ApplicationController < ActionController::Base
  end

  def set_checkout_redirect
-    if request.referer and referer_path = URI(request.referer).path
+    referer_path = OpenFoodNetwork::RefererParser::path(request.referer)
+    if referer_path
      session["spree_user_return_to"] = [main_app.checkout_path].include?(referer_path) ? referer_path : root_path
    end
  end
--- a/app/controllers/spree/admin/products_controller_decorator.rb
+++ b/app/controllers/spree/admin/products_controller_decorator.rb
@@ -1,4 +1,5 @@
 require 'open_food_network/spree_api_key_loader'
+require 'open_food_network/referer_parser'

 Spree::Admin::ProductsController.class_eval do
  include OpenFoodNetwork::SpreeApiKeyLoader
@@ -53,7 +54,8 @@ Spree::Admin::ProductsController.class_eval do

  protected
  def location_after_save
-    if URI(request.referer).path == '/admin/products/bulk_edit'
+    referer_path = OpenFoodNetwork::RefererParser::path(request.referer)
+    if referer_path == '/admin/products/bulk_edit'
      bulk_edit_admin_products_url
    else
      location_after_save_original
--- a/lib/open_food_network/referer_parser.rb
+++ b/lib/open_food_network/referer_parser.rb
@@ -0,0 +1,17 @@
+module OpenFoodNetwork
+  class RefererParser
+    def self.path(referer)
+      parse_uri(referer).andand.path if referer
+    end
+
+    def self.parse_uri(string)
+        begin
+          # TODO: make this operation obsolete by fixing URLs generated by AngularJS
+          string.sub!('##', '#')
+          URI(string)
+        rescue URI::InvalidURIError
+          nil
+        end
+    end
+  end
+end
--- a/spec/lib/open_food_network/referer_parser_spec.rb
+++ b/spec/lib/open_food_network/referer_parser_spec.rb
@@ -0,0 +1,23 @@
+require 'open_food_network/referer_parser'
+require 'spec_helper'
+
+module OpenFoodNetwork
+  describe RefererParser do
+
+    it "handles requests without referer" do
+      RefererParser.path(nil).should be_nil
+    end
+
+    it "handles requests with referer" do
+      RefererParser.path('http://example.org/').should eq('/')
+    end
+
+    it "handles requests with invalid referer" do
+      RefererParser.path('this is not a URI').should be_nil
+    end
+
+    it "handles requests with known issue of referer" do
+      RefererParser.path('http://example.org/##invalid-fragment').should eq('/')
+    end
+  end
+end