okay, finally got a working redirect vuln

2013-06-04 11:00:01 -04:00
parent e1dfb8309c
commit ef2b2e8e11
6 changed files with 124 additions and 6 deletions
@@ -13,7 +13,8 @@ class ApplicationController < ActionController::Base
  end
  
  def authenticated
-     redirect_to root_url and reset_session if not current_user
+     path = request.fullpath.present? ? root_url(:url =>  request.fullpath) : root_url
+     redirect_to path and reset_session if not current_user
  end

  def is_admin?