webrick/httpresponse: set_redirect requires a valid URI

Prevents response splitting and HTML injection attacks in
poorly-written applications which blindly pass along user input
in redirects.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63964 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

1 files changed, 3 insertions, 1 deletions

diff --git a/lib/webrick/httpresponse.rb b/lib/webrick/httpresponse.rb
index 6d77692140..255a27f6b9 100644
--- a/lib/webrick/httpresponse.rb
+++ b/lib/webrick/httpresponse.rb
@@ -10,6 +10,7 @@
 # $IPR: httpresponse.rb,v 1.45 2003/07/11 11:02:25 gotoyuzo Exp $
 
 require 'time'
+require 'uri'
 require 'webrick/httpversion'
 require 'webrick/htmlutils'
 require 'webrick/httputils'
@@ -331,8 +332,9 @@ module WEBrick
     #   res.set_redirect WEBrick::HTTPStatus::TemporaryRedirect
 
     def set_redirect(status, url)
+      url = URI(url).to_s
       @body = "<HTML><A HREF=\"#{url}\">#{url}</A>.</HTML>\n"
-      @header['location'] = url.to_s
+      @header['location'] = url
       raise status
     end