From fb19f7b59212b5c04476b1cb87c77969ee5d6ec8 Mon Sep 17 00:00:00 2001
From: Jan Lehnardt <jan@apache.org>
Date: Tue, 24 Oct 2017 08:42:24 +0200
Subject: feat: add warning about redirects without a slash

---
 src/couch/src/couch_httpd.erl | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/couch/src/couch_httpd.erl b/src/couch/src/couch_httpd.erl
index b3bbd5baa..1694ac87f 100644
--- a/src/couch/src/couch_httpd.erl
+++ b/src/couch/src/couch_httpd.erl
@@ -536,7 +536,7 @@ host_for_request(#httpd{mochi_req=MochiReq}) ->
         Value -> Value
     end.
 
-absolute_uri(#httpd{mochi_req=MochiReq}=Req, Path) ->
+absolute_uri(#httpd{mochi_req=MochiReq}=Req, [$/ | _] = Path) ->
     Host = host_for_request(Req),
     XSsl = config:get("httpd", "x_forwarded_ssl", "X-Forwarded-Ssl"),
     Scheme = case MochiReq:get_header_value(XSsl) of
@@ -552,7 +552,9 @@ absolute_uri(#httpd{mochi_req=MochiReq}=Req, Path) ->
                               end
                      end
              end,
-    Scheme ++ "://" ++ Host ++ Path.
+    Scheme ++ "://" ++ Host ++ Path;
+absolute_uri(_Req, _Path) ->
+    throw({bad_request, "path must begin with a /."}).
 
 unquote(UrlEncodedString) ->
     mochiweb_util:unquote(UrlEncodedString).
-- 
cgit v1.2.1