@@ -226,15 +226,20 @@ class AgentsController < ApplicationController |
||
| 226 | 226 |
|
| 227 | 227 |
# Sanitize params[:return] to prevent open redirect attacks, a common security issue. |
| 228 | 228 |
def redirect_back(message) |
| 229 |
- if params[:return] == "show" && @agent && !@agent.destroyed? |
|
| 230 |
- path = agent_path(@agent) |
|
| 231 |
- elsif params[:return] =~ /\A#{Regexp::escape scenarios_path}\/\d+\Z/
|
|
| 232 |
- path = params[:return] |
|
| 233 |
- else |
|
| 234 |
- path = agents_path |
|
| 229 |
+ case ret = params[:return] |
|
| 230 |
+ when "show" |
|
| 231 |
+ if @agent && !@agent.destroyed? |
|
| 232 |
+ path = agent_path(@agent) |
|
| 233 |
+ end |
|
| 234 |
+ when /\A#{Regexp::escape scenarios_path}\/\d+\Z/
|
|
| 235 |
+ path = ret |
|
| 235 | 236 |
end |
| 236 | 237 |
|
| 237 |
- redirect_to path, notice: message |
|
| 238 |
+ if path |
|
| 239 |
+ redirect_to path, notice: message |
|
| 240 |
+ else |
|
| 241 |
+ super agents_path, notice: message |
|
| 242 |
+ end |
|
| 238 | 243 |
end |
| 239 | 244 |
|
| 240 | 245 |
def build_agent |
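Review bot: The scenarios `when` pattern in `redirect_back` still ends in `\Z`, which also matches just before a trailing newline, so a `params[:return]` value made of the scenarios path plus "\n" passes the allow-list and reaches `redirect_to` through `path = ret`. Anchor the end strictly with `\z`: `when /\A#{Regexp.escape scenarios_path}\/\d+\z/`. The `\A` anchor plus the escaped `scenarios_path` prefix is what keeps the target on this site, so a comment saying so above the `when` would help keep the pattern from being loosened later. The fallback `super agents_path, notice: message` depends on a parent `redirect_back` that is not visible in this hunk, so it is worth confirming that it accepts a positional path.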