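--- a/<PATH_NOT_SHOWN_ON_PAGE>
+++ b/<PATH_NOT_SHOWN_ON_PAGE>
@@ -235,18 +235,7 @@ class AgentsController < ApplicationController
 
 # Sanitize params[:return] to prevent open redirect attacks, a common security issue.
 def redirect_back(message, options = {})
-case ret = params[:return] || options[:return]
-when "show"
-if @agent && !@agent.destroyed?
-path = agent_path(@agent)
-else
-path = agents_path
-end
-when /\A#{Regexp::escape scenarios_path}\/\d+\z/, agents_path
-path = ret
-end
-
-if path
+if path = filtered_agent_return_link(options)
 redirect_to path, notice: message
 else
 super agents_path, notice: message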
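Review bot: The assignment inside the condition, `if path = filtered_agent_return_link(options)`, reads like a mistyped `==` and is what RuboCop's Lint/AssignmentInCondition flags; splitting it into `path = filtered_agent_return_link(options)` followed by `if path` keeps the intent obvious. The comment kept above the method still says it sanitizes `params[:return]`, but that work now lives in the helper, so a reader of this file alone cannot see where the whitelist is; I would reword it to `# Redirect to the whitelisted params[:return] / options[:return] target (see ApplicationController#filtered_agent_return_link); anything else falls back to agents_path.` The method's closing `end` is outside this hunk.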
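--- a/<PATH_NOT_SHOWN_ON_PAGE>
+++ b/<PATH_NOT_SHOWN_ON_PAGE>
@@ -30,6 +30,20 @@ class ApplicationController < ActionController::Base
 basecamp_auth_check
 end
 
+def filtered_agent_return_link(options = {})
+case ret = params[:return].presence || options[:return]
+when "show"
+if @agent && !@agent.destroyed?
+agent_path(@agent)
+else
+agents_path
+end
+when /\A#{Regexp::escape scenarios_path}\/\d+\z/, agents_path
+ret
+end
+end
+helper_method :filtered_agent_return_link
+
 private
 
 def twitter_oauth_check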
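Review bot: `filtered_agent_return_link` is defined above the `private` marker, so it is a public instance method of ApplicationController and Rails will list it among the action methods of every controller that inherits from it; any route that happens to map to that name would invoke it directly. Moving the `def` below `private` removes that exposure while `helper_method :filtered_agent_return_link` keeps it available to views, since helper_method dispatches through `send`. The method also deserves a comment stating its contract, roughly: only the literal "show" (resolved against `@agent` when a subclass has set it, otherwise agents_path), a `scenarios_path/<id>` path, or agents_path are returned, and every other value — including non-String params, which neither the string nor the regexp `when` matches — yields nil so the caller must fall back to a fixed path.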
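--- a/<PATH_NOT_SHOWN_ON_PAGE>
+++ b/<PATH_NOT_SHOWN_ON_PAGE>
@@ -12,7 +12,7 @@
 <% end %>
 
 <li>
-<%= link_to icon_tag('glyphicon-eye-open') + ' Show'.html_safe, agent_path(agent) %>
+<%= link_to icon_tag('glyphicon-eye-open') + ' Show'.html_safe, agent_path(agent, return: return_to) %>
 </li>
 
 <li class="divider"></li>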
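Review bot: `return_to` is used here as a bare local, so if this partial is rendered anywhere without a `return_to:` local the template raises NameError, whereas the other changed templates in this commit guard the same name with `defined?(return_to)`. Using `agent_path(agent, return: local_assigns[:return_to])` (or `local_assigns.fetch(:return_to, request.path)` if a default is wanted) makes the partial tolerant of callers that omit it; I can only see one render site on this page, so whether such a caller exists is an assumption to check.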
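--- a/<PATH_NOT_SHOWN_ON_PAGE>
+++ b/<PATH_NOT_SHOWN_ON_PAGE>
@@ -14,7 +14,7 @@
 <% @agents.each do |agent| %>
 <tr>
 <td class='<%= "agent-unavailable" if agent.unavailable? %>'>
-<%= link_to agent.name, agent_path(agent) %>
+<%= link_to agent.name, agent_path(agent, return: (defined?(return_to) && return_to) || request.path) %>
 <br/>
 <span class='text-muted'><%= agent.short_type.titleize %></span>
 <% if agent.scenarios.present? %>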
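Review bot: The expression `(defined?(return_to) && return_to) || request.path` is written out twice in this file (here and in the render call a few lines further down), and the Rails idiom for an optional partial local is `local_assigns.fetch(:return_to, request.path)`, which says what it means and cannot be confused with a method named `return_to`. Putting the raw `request.path` into the link is acceptable because the value is only honored after `filtered_agent_return_link` checks it against its fixed set of targets; a short comment above the loop noting that the `return` parameter is whitelisted on consumption would save the next reader from re-auditing it.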
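--- a/<PATH_NOT_SHOWN_ON_PAGE>
+++ b/<PATH_NOT_SHOWN_ON_PAGE>
@@ -64,7 +64,7 @@
 <button type="button" class="btn btn-default btn-sm dropdown-toggle" data-toggle="dropdown">
 <span class="glyphicon glyphicon-th-list"></span> Actions <span class="caret"></span>
 </button>
-<%= render 'agents/action_menu', :agent => agent, :return_to => (defined?(return_to) && return_to) || request.path %>
+<%= render 'agents/action_menu', agent: agent, return_to: (defined?(return_to) && return_to) || request.path %>
 </div>
 </td>
 </tr>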
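--- a/<PATH_NOT_SHOWN_ON_PAGE>
+++ b/<PATH_NOT_SHOWN_ON_PAGE>
@@ -2,7 +2,7 @@
 <div class='row'>
 <div class='col-md-2'>
 <ul class="nav nav-pills nav-stacked" id="show-tabs">
-<li><%= link_to icon_tag('glyphicon-chevron-left') + ' Back'.html_safe, agents_path %></li>
+<li><%= link_to icon_tag('glyphicon-chevron-left') + ' Back'.html_safe, filtered_agent_return_link || agents_path %></li>
 
 <% if agent_show_view(@agent).present? %>
 <li class='active'><a href="#summary" data-toggle="tab"><span class='glyphicon glyphicon-picture'></span> Summary</a></li>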
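Review bot: On this page `@agent` is the agent being shown, so when the request carries `return=show` the helper resolves to `agent_path(@agent)` and the Back link points at the page itself; the `"show"` branch of `filtered_agent_return_link` appears to be meant for the post-update redirect rather than for a back link. If that reading is right, the view should treat "show" as "no return target" here, e.g. `(params[:return] != "show" && filtered_agent_return_link) || agents_path`, or the helper should take a flag that excludes that branch. The `|| agents_path` fallback is still needed because the helper returns nil for any value it does not recognise.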
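--- a/<PATH_NOT_SHOWN_ON_PAGE>
+++ b/<PATH_NOT_SHOWN_ON_PAGE>
@@ -16,7 +16,7 @@
 
 <div class="btn-group">
 <%= link_to icon_tag('glyphicon-chevron-left') + ' Back', scenarios_path, class: "btn btn-default" %>
-<%= link_to icon_tag('glyphicon-plus') + ' New Agent', new_agent_path(scenario_id: @scenario.id), class: "btn btn-default" %>
+<%= link_to icon_tag('glyphicon-plus') + ' New Agent', new_agent_path(scenario_id: @scenario.id, return: request.path), class: "btn btn-default" %>
 <%= link_to icon_tag('glyphicon-random') + ' View Diagram', scenario_diagram_path(@scenario), class: "btn btn-default" %>
 <%= link_to icon_tag('glyphicon-edit') + ' Edit', edit_scenario_path(@scenario), class: "btn btn-default" %>
 <% if @scenario.source_url.present? %>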
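Review bot: The `return` parameter added to `new_agent_path` only reaches `redirect_back` after a create if the new-agent form carries it through the POST (a hidden field or the form action URL); nothing on this page shows that, so it is worth confirming rather than assuming. `request.path` here is the scenario show path, which is exactly the `scenarios_path/<id>` shape the helper accepts, so the value will be honored once it arrives; a comment such as `<%# return: is whitelisted by filtered_agent_return_link before use %>` would record why the raw path is safe to pass.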