Skip to content
Projects
Groups
Snippets
Help
Loading...
Sign in
Toggle navigation
C
cocoapods
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
gengmeiios
cocoapods
Commits
314f2717
Commit
314f2717
authored
Aug 22, 2012
by
Fabio Pelosin
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
[OpenURI] Reworked support for http to https redirects.
parent
fcf0b378
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
16 additions
and
33 deletions
+16
-33
CHANGELOG.md
CHANGELOG.md
+1
-0
dependency.rb
lib/cocoapods/dependency.rb
+1
-1
executable.rb
lib/cocoapods/executable.rb
+1
-1
open_uri.rb
lib/cocoapods/open_uri.rb
+13
-31
No files found.
CHANGELOG.md
View file @
314f2717
...
@@ -4,6 +4,7 @@
...
@@ -4,6 +4,7 @@
###### Bug fixes
###### Bug fixes
-
The final project isn’t affected anymore by the
`inhibit_all_warnings!`
option.
-
The final project isn’t affected anymore by the
`inhibit_all_warnings!`
option.
-
Support for redirects while using podspec from an url.
[
#462
](
https://github.com/CocoaPods/CocoaPods/issues/462
)
## 0.12.0
## 0.12.0
...
...
lib/cocoapods/dependency.rb
View file @
314f2717
...
@@ -192,7 +192,7 @@ module Pod
...
@@ -192,7 +192,7 @@ module Pod
output_path
=
sandbox
.
root
+
"Local Podspecs/
#{
name
}
.podspec"
output_path
=
sandbox
.
root
+
"Local Podspecs/
#{
name
}
.podspec"
output_path
.
dirname
.
mkpath
output_path
.
dirname
.
mkpath
puts
" * Fetching podspec for `
#{
name
}
' from:
#{
@params
[
:podspec
]
}
"
unless
config
.
silent?
puts
" * Fetching podspec for `
#{
name
}
' from:
#{
@params
[
:podspec
]
}
"
unless
config
.
silent?
open
(
@params
[
:podspec
]
,
{
:allow_unsafe_redirects
=>
true
}
)
do
|
io
|
open
(
@params
[
:podspec
])
do
|
io
|
output_path
.
open
(
'w'
)
{
|
f
|
f
<<
io
.
read
}
output_path
.
open
(
'w'
)
{
|
f
|
f
<<
io
.
read
}
end
end
end
end
...
...
lib/cocoapods/executable.rb
View file @
314f2717
...
@@ -40,7 +40,7 @@ module Pod
...
@@ -40,7 +40,7 @@ module Pod
if
should_raise
if
should_raise
raise
Informative
,
"
#{
name
}
#{
command
}
\n\n
#{
output
}
"
raise
Informative
,
"
#{
name
}
#{
command
}
\n\n
#{
output
}
"
else
else
puts
(
Config
.
instance
.
verbose?
?
' '
:
''
)
<<
"[!] Failed:
#{
full_command
}
"
.
red
unless
Config
.
instance
.
silent?
puts
((
Config
.
instance
.
verbose?
?
' '
:
''
)
<<
"[!] Failed:
#{
full_command
}
"
.
red
)
unless
Config
.
instance
.
silent?
end
end
end
end
output
output
...
...
lib/cocoapods/open_uri.rb
View file @
314f2717
require
'open-uri'
require
'open-uri'
# Inspiration from: https://gist.github.com/1271420
#
#
# From: https://gist.github.com/1271420
# Allow open-uri to follow http to https redirects.
#
# Allow open-uri to follow unsafe redirects (i.e. https to http).
# Relevant issue:
# Relevant issue:
# http://redmine.ruby-lang.org/issues/3719
# http://redmine.ruby-lang.org/issues/3719
# Source here:
# Source here:
# https://github.com/ruby/ruby/blob/trunk/lib/open-uri.rb
# https://github.com/ruby/ruby/blob/trunk/lib/open-uri.rb
module
OpenURI
class
<<
self
alias_method
:open_uri_original
,
:open_uri
alias_method
:redirectable_cautious?
,
:redirectable?
def
redirectable_baller?
uri1
,
uri2
valid
=
/\A(?:https?|ftp)\z/i
valid
=~
uri1
.
scheme
.
downcase
&&
valid
=~
uri2
.
scheme
end
end
# The original open_uri takes *args but then doesn't do anything with them.
module
OpenURI
# Assume we can only handle a hash.
def
OpenURI
.
redirectable?
(
uri1
,
uri2
)
# :nodoc:
def
self
.
open_uri
name
,
options
=
{},
&
block
# This test is intended to forbid a redirection from http://... to
value
=
options
.
delete
:allow_unsafe_redirects
# file:///etc/passwd, file:///dev/zero, etc. CVE-2011-1521
# https to http redirect is also forbidden intentionally.
if
value
# It avoids sending secure cookie or referer by non-secure HTTP protocol.
class
<<
self
# (RFC 2109 4.3.1, RFC 2965 3.3, RFC 2616 15.1.3)
remove_method
:redirectable?
# However this is ad hoc. It should be extensible/configurable.
alias_method
:redirectable?
,
:redirectable_baller?
uri1
.
scheme
.
downcase
==
uri2
.
scheme
.
downcase
||
end
(
/\A(?:http|ftp)\z/i
=~
uri1
.
scheme
&&
/\A(?:https?|ftp)\z/i
=~
uri2
.
scheme
)
else
class
<<
self
remove_method
:redirectable?
alias_method
:redirectable?
,
:redirectable_cautious?
end
end
self
.
open_uri_original
name
,
options
,
&
block
end
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment