module GoToParam

Constants

VERSION

Public Class Methods

allow_redirect_prefix(prefix) click to toggle source
# File lib/go_to_param.rb, line 5
# Registers one more prefix that a go_to value is allowed to start with.
#
# The prefix is added to the shared module-level list and is later compared
# with String#start_with?, i.e. as plain text. An absolute-URL prefix should
# therefore end with "/" (e.g. "https://app.example/", a constructed sample)
# so that the value cannot extend the host part of the prefix.
#
# Returns the list of allowed prefixes, including the new entry.
def self.allow_redirect_prefix(prefix)
  allowed_redirect_prefixes.push(prefix)
end
allowed_redirect_prefixes() click to toggle source
# File lib/go_to_param.rb, line 9
# Returns the current list of allowed redirect prefixes.
#
# The list is created on first use by calling
# reset_allowed_redirect_prefixes. The same Array object is handed out on
# every call, so callers that mutate it change the allowlist itself.
def self.allowed_redirect_prefixes
  return @allowed_redirect_prefixes if @allowed_redirect_prefixes

  reset_allowed_redirect_prefixes
  @allowed_redirect_prefixes
end
included(klass) click to toggle source
# File lib/go_to_param.rb, line 19
# Hook that runs when the module is mixed into +klass+.
#
# Passes the names of the public go_to helpers to klass.helper_method in a
# single call. +klass+ must therefore respond to helper_method.
def self.included(klass)
  exposed_helpers = %i[
    hidden_go_to_tag hidden_go_to_here_tag
    go_to_params go_to_here_params
    go_to_path go_to_path_or
  ]
  klass.helper_method(*exposed_helpers)
end
reset_allowed_redirect_prefixes() click to toggle source

Mostly for tests…

# File lib/go_to_param.rb, line 15
# Replaces the allowlist with its default: the single prefix "/".
#
# Any prefixes added earlier are discarded. A fresh Array is assigned and
# returned on every call.
def self.reset_allowed_redirect_prefixes
  @allowed_redirect_prefixes = ["/"]
end

Public Instance Methods

go_to_here_params(additional_query_params = {}) click to toggle source
# File lib/go_to_param.rb, line 37
# Builds a params hash that points back at the current request.
#
# +additional_query_params+ is splatted into go_to_here_path as keyword
# arguments, so an :anchor entry is taken as the anchor and every other
# entry as an extra query parameter.
#
# Returns { go_to: path } when go_to_here_path yields a path, otherwise an
# empty Hash.
def go_to_here_params(additional_query_params = {})
  here = go_to_here_path(**additional_query_params)
  return {} unless here

  { go_to: here }
end
go_to_params(other_params = {}) click to toggle source
# File lib/go_to_param.rb, line 33
# Builds a params hash that carries the validated go_to path onward.
#
# The :go_to entry comes from go_to_path and is nil when no acceptable value
# was submitted. Entries in +other_params+ win on key conflicts, so a :go_to
# key passed by the caller replaces the validated one.
def go_to_params(other_params = {})
  base = { go_to: go_to_path }
  base.merge(other_params)
end
go_to_path() click to toggle source
# File lib/go_to_param.rb, line 47
# Returns the submitted go_to value if it is acceptable as a redirect target.
#
# Yields nil when no go_to value was submitted or when the value does not
# start with any allowed prefix. The prefix test exists to keep the result
# from pointing at a foreign site (phishing redirects).
#
# NOTE(review): with the default "/" prefix this is only safe if the prefix
# check also refuses network-path values such as "//host" - verify in
# matches_allowed_redirect_prefixes? before passing the result to a redirect.
def go_to_path
  return if go_to_param_value.nil?

  go_to_param_value if matches_allowed_redirect_prefixes?
end
go_to_path_or(default) click to toggle source
# File lib/go_to_param.rb, line 58
# Returns the validated go_to path, or +default+ when there is none.
#
# +default+ is returned as given; only the submitted go_to value goes
# through the prefix check in go_to_path.
def go_to_path_or(default)
  validated = go_to_path
  return validated if validated

  default
end
hidden_go_to_here_tag(additional_query_params = {}) click to toggle source
# File lib/go_to_param.rb, line 29
# Asks the view context for a hidden field named :go_to that points at the
# current request.
#
# The field value is the :go_to entry of go_to_here_params, which is nil
# when that method returns an empty Hash.
def hidden_go_to_here_tag(additional_query_params = {})
  here = go_to_here_params(additional_query_params)[:go_to]
  view_context.hidden_field_tag(:go_to, here)
end
hidden_go_to_tag() click to toggle source
# File lib/go_to_param.rb, line 25
# Asks the view context for a hidden field named :go_to that carries the
# validated go_to path of the current request, so a form can pass it on.
#
# The value is nil when go_to_path rejects or does not find a go_to value.
def hidden_go_to_tag
  view_context.hidden_field_tag(:go_to, go_to_path)
end

Private Instance Methods

_go_to_add_query_string_from_hash(path, hash) click to toggle source

Named this way to avoid conflicts. TODO: thepugautomatic.com/2014/02/private-api/

# File lib/go_to_param.rb, line 84
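# Appends the entries of +hash+ to +path+ as query parameters.
#
# Returns +path+ unchanged when +hash+ is empty. Otherwise the pairs are
# joined with "&" and attached with "?" or, when +path+ already contains a
# "?", with "&".
#
# Keys and values are both converted with to_s and percent-encoded with
# CGI.escape. Encoding the key as well keeps characters such as "&", "=" or
# "#" in a key from adding extra parameters or starting a fragment.
def _go_to_add_query_string_from_hash(path, hash)
  return path if hash.empty?

  separator = path.include?("?") ? "&" : "?"
  pairs = hash.map do |key, value|
    "#{CGI.escape(key.to_s)}=#{CGI.escape(value.to_s)}"
  end
  query_string = pairs.join("&")

  "#{path}#{separator}#{query_string}"
end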
_go_to_fullpath() click to toggle source

Prevent encoding errors (“incompatible character encodings: UTF-8 and ASCII-8BIT”) for certain malformed requests. Inspired by github.com/discourse/discourse/commit/090dc80f8a23dbb3ad703efbac990aa917c06505

# File lib/go_to_param.rb, line 96
# Returns request.fullpath as a valid UTF-8 string.
#
# Works on a copy, so the string held by the request keeps its own encoding.
# The copy is relabelled as UTF-8 and then scrubbed, which replaces byte
# sequences that are invalid in UTF-8. This avoids "incompatible character
# encodings" errors when a malformed request path is later combined with
# UTF-8 strings.
def _go_to_fullpath
  utf8_path = request.fullpath.dup
  utf8_path.force_encoding("UTF-8")
  utf8_path.scrub
end
go_to_here_path(anchor: nil, **additional_query_params) click to toggle source
# File lib/go_to_param.rb, line 68
# Builds the path of the current request for use as a go_to value.
#
# Only GET requests yield a path; for any other request method the result is
# nil. Extra keyword arguments are appended to the current full path as
# query parameters, and +anchor+, when given, is added after a "#".
def go_to_here_path(anchor: nil, **additional_query_params)
  return nil unless request.get?

  base = _go_to_add_query_string_from_hash(_go_to_fullpath, additional_query_params)
  return base unless anchor

  base + "#" + anchor
end
go_to_param_value() click to toggle source
# File lib/go_to_param.rb, line 77
# Returns the raw go_to request parameter as a String, or nil when it is
# missing or empty.
#
# The value is not validated here; go_to_path applies the prefix check.
def go_to_param_value
  # params[:go_to] is not a String when the request uses nested-parameter
  # syntax such as "go_to[foo]=bar"; to_s keeps later String calls from
  # raising "not a string" type errors on such input.
  raw = params[:go_to].to_s
  return nil if raw == ""

  raw
end
matches_allowed_redirect_prefixes?() click to toggle source
# File lib/go_to_param.rb, line 64
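# Tells whether the submitted go_to value starts with an allowed prefix.
#
# Returns false when there is no go_to value. The comparison is a plain
# String#start_with? against each entry of GoToParam.allowed_redirect_prefixes.
#
# A value such as "//host/path" also starts with the default "/" prefix, yet
# browsers resolve it as a URL on another host. Such network-path values are
# accepted only when the matching prefix itself begins with "//", i.e. when
# the host was allowed explicitly.
def matches_allowed_redirect_prefixes?
  value = go_to_param_value
  return false if value.nil?

  # Browsers ignore tab, CR and LF inside a URL and treat "\" like "/", so
  # the network-path test runs on the value with those characters removed.
  normalized = value.delete("\t\r\n")
  network_path = normalized.start_with?("//", "/\\")

  GoToParam.allowed_redirect_prefixes.any? do |prefix|
    next false unless value.start_with?(prefix)

    !network_path || prefix.start_with?("//")
  end
end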