Merge pull request #3541 from evazion/fix-3539

Fix #3539: Open redirect vulnerabilities
2018-03-08 16:02:02 -08:00
parent 418b2beae5 84a0a89f4b
commit 448ec81e97
4 changed files with 37 additions and 17 deletions
--- a/test/functional/tags_controller_test.rb
+++ b/test/functional/tags_controller_test.rb
@@ -40,6 +40,14 @@ class TagsControllerTest < ActionController::TestCase
          assert_response :success
        end
      end
+
+      context "with blank search parameters" do
+        should "strip the blank parameters with a redirect" do
+          get :index, { search: { name: "touhou", category: "" } }
+
+          assert_redirected_to tags_path(search: { name: "touhou" })
+        end
+      end
    end

    context "autocomplete action" do