Merge branch 'open_uri'

* open_uri:
  [OpenURI] Reworked support for http to https redirects.
  [OpenURI] Support for unsafe redirects.

CHANGELOG.md

@@ -10,6 +10,7 @@
 ###### Bug fixes
 
 - The final project isn’t affected anymore by the `inhibit_all_warnings!` option.
+- Support for redirects while using podspec from an url. [#462](https://github.com/CocoaPods/CocoaPods/issues/462)
 
 ## 0.12.0
 

lib/cocoapods/dependency.rb

-require 'open-uri'
+require 'cocoapods/open_uri'
 
 module Pod
   class Dependency < Gem::Dependency

lib/cocoapods/executable.rb

@@ -40,7 +40,7 @@ module Pod
           if should_raise
             raise Informative, "#{name} #{command}\n\n#{output}"
           else
-            puts (Config.instance.verbose? ? '   ' : '') << "[!] Failed: #{full_command}".red unless Config.instance.silent?
+            puts((Config.instance.verbose? ? '   ' : '') << "[!] Failed: #{full_command}".red) unless Config.instance.silent?
           end
         end
         output

lib/cocoapods/open_uri.rb

+require 'open-uri'
+
+# Inspiration from: https://gist.github.com/1271420
+#
+# Allow open-uri to follow http to https redirects.
+# Relevant issue:
+# http://redmine.ruby-lang.org/issues/3719
+# Source here:
+# https://github.com/ruby/ruby/blob/trunk/lib/open-uri.rb
+
+module OpenURI
+  def OpenURI.redirectable?(uri1, uri2) # :nodoc:
+    # This test is intended to forbid a redirection from http://... to
+    # file:///etc/passwd, file:///dev/zero, etc.  CVE-2011-1521
+    # https to http redirect is also forbidden intentionally.
+    # It avoids sending secure cookie or referer by non-secure HTTP protocol.
+    # (RFC 2109 4.3.1, RFC 2965 3.3, RFC 2616 15.1.3)
+    # However this is ad hoc.  It should be extensible/configurable.
+    uri1.scheme.downcase == uri2.scheme.downcase ||
+    (/\A(?:http|ftp)\z/i =~ uri1.scheme && /\A(?:https?|ftp)\z/i =~ uri2.scheme)
+  end
+end