sandyxu · December 21, 2015 11:59
diff --git a/safe_continue_redirect.rb b/safe_continue_redirect.rb
  # 来自wooyun的白帽子安全 http://www.wooyun.org/bugs/subtype-65/page/1
  
  # 通过params[:continue] 的安全url进行跳转
  def safe_continue_redirect(continue = params[:continue])
    if continue
      redirect_to safe_continue_url(continue)
    else
      redirect_to(root_path)
    end
  end

  # 安全的URL地址，防止跳转欺骗
  def safe_continue_url(url)
    uri = URI(url)
    host = uri.host
    setting = Settings.hostname
    if host.nil? or host == setting or host.end_with?(".#{setting}")
      url
    else
      root_url
    end
  end
	# 来自wooyun的白帽子安全 http://www.wooyun.org/bugs/subtype-65/page/1

	# 通过params[:continue] 的安全url进行跳转
	def safe_continue_redirect(continue = params[:continue])
	if continue
	redirect_to safe_continue_url(continue)
	else
	redirect_to(root_path)
	end
	end

	# 安全的URL地址，防止跳转欺骗
	def safe_continue_url(url)
	uri = URI(url)
	host = uri.host
	setting = Settings.hostname
	if host.nil? or host == setting or host.end_with?(".#{setting}")
	url
	else
	root_url
	end
	end