* lib/open-uri.rb: :redirect option implemented to disable redirects.

(OpenURI::HTTPRedirect): new exception class for redirection. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@13788 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2007-10-28 12:55:51 +00:00 · 2007-10-28 12:55:51 +00:00 · 2e064c694c
--- a/5
+++ b/5
@ -1,3 +1,8 @@
+Sun Oct 28 21:50:02 2007  Tanaka Akira  <akr@fsij.org>
+
+	* lib/open-uri.rb: :redirect option implemented to disable redirects.
+	  (OpenURI::HTTPRedirect): new exception class for redirection.
+
 Fri Oct 26 17:38:13 2007  Nobuyoshi Nakada  <nobu@ruby-lang.org>

 	* numeric.c (int_chr): take an optional encoding parameter.
--- a/lib/open-uri.rb
+++ b/lib/open-uri.rb
@ -99,6 +99,7 @@ module OpenURI
    :ssl_ca_cert => nil,
    :ssl_verify_mode => nil,
    :ftp_active_mode => false,
+    :redirect => true,
  }

  def OpenURI.check_options(options) # :nodoc:
@ -199,6 +200,9 @@ module OpenURI
          # URI.  It is converted to absolute URI using uri as a base URI.
          redirect = uri + redirect
        end
+        if !options.fetch(:redirect, true)
+          raise HTTPRedirect.new(buf.io.status.join(' '), buf.io, redirect)
+        end
        unless OpenURI.redirectable?(uri, redirect)
          raise "redirection forbidden: #{uri} -> #{redirect}"
        end
@ -222,6 +226,9 @@ module OpenURI
  def OpenURI.redirectable?(uri1, uri2) # :nodoc:
    # This test is intended to forbid a redirection from http://... to
    # file:///etc/passwd.
+    # https to http redirect is also forbidden intentionally.
+    # It avoids sending secure cookie or referer by non-secure HTTP protocol.
+    # (RFC 2109 4.3.1, RFC 2965 3.3, RFC 2616 15.1.3)
    # However this is ad hoc.  It should be extensible/configurable.
    uri1.scheme.downcase == uri2.scheme.downcase ||
    (/\A(?:http|ftp)\z/i =~ uri1.scheme && /\A(?:http|ftp)\z/i =~ uri2.scheme)
@ -334,6 +341,14 @@ module OpenURI
    attr_reader :io
  end

+  class HTTPRedirect < HTTPError
+    def initialize(message, io, uri)
+      super(message, io)
+      @uri = uri
+    end
+    attr_reader :uri
+  end
+
  class Buffer # :nodoc:
    def initialize
      @io = StringIO.new
@ -606,6 +621,15 @@ module OpenURI
    # Note that the active mode is default in Ruby 1.8 or prior.
    # Ruby 1.9 uses passive mode by default.
    #
+    # [:redirect]
+    #  Synopsis:
+    #    :redirect=>bool
+    #
+    # :redirect=>false is used to disable HTTP redirects at all.
+    # OpenURI::HTTPRedirect exception raised on redirection.
+    # It is true by default.
+    # The true means redirectoins between http and ftp is permitted.
+    #
    def open(*rest, &block)
      OpenURI.open_uri(self, *rest, &block)
    end