From a4216449d48c802b58f5af1070399de37ea994f5 Mon Sep 17 00:00:00 2001
From: Justin Collins
Date: Thu, 30 Aug 2012 19:07:21 -0700
Subject: [PATCH] Only accept `only_path` in redirect_to's first arg

Fixes #120
---
 lib/brakeman/checks/check_redirect.rb | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/lib/brakeman/checks/check_redirect.rb b/lib/brakeman/checks/check_redirect.rb
index be664b44..2619f8f3 100644
--- a/lib/brakeman/checks/check_redirect.rb
+++ b/lib/brakeman/checks/check_redirect.rb
@@ -95,14 +95,14 @@ class Brakeman::CheckRedirect < Brakeman::BaseCheck
 #Checks +redirect_to+ arguments for +only_path => true+ which essentially
 #nullifies the danger posed by redirecting with user input
 def only_path? call
- call.args.each do |arg|
- if hash? arg
- if value = hash_access(arg, :only_path)
- return true if true?(value)
- end
- elsif call? arg and arg.method == :url_for
- return check_url_for(arg)
+ arg = call.first_arg
+
+ if hash? arg
+ if value = hash_access(arg, :only_path)
+ return true if true?(value)
 end
+ elsif call? arg and arg.method == :url_for
+ return check_url_for(arg)
 end
 false
@@ -111,11 +111,11 @@ class Brakeman::CheckRedirect < Brakeman::BaseCheck
 #+url_for+ is only_path => true by default. This checks to see if it is
 #set to false for some reason.
 def check_url_for call
- call.args.each do |arg|
- if hash? arg
- if value = hash_access(arg, :only_path)
- return false if false?(value)
- end
+ arg = call.first_arg
+
+ if hash? arg
+ if value = hash_access(arg, :only_path)
+ return false if false?(value)
 end
 end
-- 
GitLab
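Review bot: The `elsif call? arg and arg.method == :url_for` branch in the rebuilt `only_path?` matches any call named `url_for` regardless of receiver, so a third-party object's `url_for` (e.g. `client.url_for(params[:u])`) is delegated to `check_url_for` and reported path-only exactly like the Rails helper; restricting it to receiver-less calls, `elsif call? arg and arg.target.nil? and arg.method == :url_for`, would avoid that (assuming the Sexp extensions expose `target` here as elsewhere in Brakeman). `hash_access(arg, :only_path)` recognises only the symbol key; Rails symbolizes the options hash, so `'only_path' => true` is equivalent at runtime but still reported here — a false positive in the safe direction that deserves a comment such as `# only the symbol key is recognised; a string key is reported (safe side)`. On style, `&&` instead of `and` avoids the precedence surprise should a later edit assign the condition's result. The method's closing `end` lies past the hunk.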
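Review bot: The rebuilt `check_url_for` answers true for every `url_for` whose first argument is not a hash literal, which includes `url_for(params[:return_to])` or `url_for(some_string)`; as far as I recall, Rails' `url_for` returns a String argument unchanged, so `redirect_to url_for(params[:next])` would be reported safe by `only_path?` while remaining an open redirect. A guard before the hash check, `return false if include_user_input? arg` (BaseCheck's user-input helper, assuming it is in scope here), keeps those cases flagged. A `:host` key in the hash also defeats the path-only assumption, so `return false if hash_access(arg, :host)` inside the `hash? arg` branch is worth adding. The comment's claim that `url_for` is `only_path => true` by default holds for the view helper; in a controller, as I understand it, the default is a full URL on the request's own host, which is still same-site but a comment saying so would make the assumption explicit. The method's trailing `true` and `end` lie outside the hunk.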