From e3c910927cfa072c24256136097e7a0b6ef241d6 Mon Sep 17 00:00:00 2001
From: Joern Schneeweisz
Date: Tue, 8 Oct 2019 08:53:36 +0200
Subject: Use the '\A' and '\z' regex anchors in `InternalRedirect` to mitigate an Open Redirect issue. Fixes https://dev.gitlab.org/gitlab/gitlabhq/issues/2934 and https://gitlab.com/gitlab-org/gitlab/issues/33569
---
 spec/controllers/concerns/internal_redirect_spec.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'spec')
diff --git a/spec/controllers/concerns/internal_redirect_spec.rb b/spec/controllers/concerns/internal_redirect_spec.rb
index da68c8c8697..e5e50cfd55e 100644
--- a/spec/controllers/concerns/internal_redirect_spec.rb
+++ b/spec/controllers/concerns/internal_redirect_spec.rb
@@ -19,7 +19,8 @@ describe InternalRedirect do
 [
 'Hello world',
 '//example.com/hello/world',
- 'https://example.com/hello/world'
+ 'https://example.com/hello/world',
+ "not-starting-with-a-slash\n/starting/with/slash"
 ]
 end

-- 
cgit v1.2.1
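Review bot: The new entry only pins the start-of-string side of the fix, because its unsafe part comes before the newline and the slash-led path after it, which is the shape a line-anchored `^` would accept. Nothing in this list guards the `\z` half named in the subject; a mirrored entry such as `"/starting/with/slash\nnot-starting-with-a-slash"` would keep the end anchor from regressing. A short comment above the added line, e.g. `# multi-line input: per-line anchors would match the second line only`, would also tell the next reader why this odd-looking string is here. The `InternalRedirect` change itself is not shown (the view is limited to `spec`), so the anchor behaviour is inferred from the subject, and the block holding this array opens above the hunk.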