From 14115761f9c3a97468aafc0bd04bbce34fe3457c Mon Sep 17 00:00:00 2001
From: erwanlr <erwan.lr@gmail.com>
Date: Thu, 18 Jun 2015 20:48:43 +0100
Subject: [PATCH] Uses the URI.join to determine the redirection URL - Fix #829

---
 lib/wpscan/web_site.rb           |  5 +----
 spec/lib/wpscan/web_site_spec.rb | 16 ++++++++++++++--
 spec/spec_helper.rb              |  2 ++
 3 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/lib/wpscan/web_site.rb b/lib/wpscan/web_site.rb
index 271949eb..bb520c63 100644
--- a/lib/wpscan/web_site.rb
+++ b/lib/wpscan/web_site.rb
@@ -54,10 +54,7 @@ class WebSite
 
     redirected_uri = URI.parse(add_trailing_slash(add_http_protocol(url)))
     if response.code == 301 || response.code == 302
-      redirection = response.headers_hash['location']
-      if redirection[0] == '/'
-        redirection = "#{redirected_uri.scheme}://#{redirected_uri.host}#{redirection}"
-      end
+      redirection = redirected_uri.merge(response.headers_hash['location']).to_s
 
       return redirection if url == redirection # prevents infinite loop
 
diff --git a/spec/lib/wpscan/web_site_spec.rb b/spec/lib/wpscan/web_site_spec.rb
index 83e4168b..7cbb0a70 100644
--- a/spec/lib/wpscan/web_site_spec.rb
+++ b/spec/lib/wpscan/web_site_spec.rb
@@ -116,12 +116,24 @@ describe 'WebSite' do
 
         expect(web_site.redirection).to eql absolute_location
       end
+
+      context 'when starts with a ?' do
+        it 'returns the absolute URI' do
+          relative_location = '?p=blog'
+          absolute_location = web_site.uri.merge(relative_location).to_s
+
+          stub_request(:get, web_site.url).to_return(status: 301, headers: { location: relative_location })
+          stub_request(:get, absolute_location)
+
+          expect(web_site.redirection).to eql absolute_location
+        end
+      end
     end
 
     context 'when multiple redirections' do
       it 'returns the last redirection' do
-        first_redirection  = 'www.redirection.com'
-        last_redirection   = 'redirection.com'
+        first_redirection  = 'http://www.redirection.com'
+        last_redirection   = 'http://redirection.com'
 
         stub_request(:get, web_site.url).to_return(status: 301, headers: { location: first_redirection })
         stub_request(:get, first_redirection).to_return(status: 302, headers: { location: last_redirection })
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index 9ceffe53..4f2a9df4 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -5,6 +5,8 @@ require 'webmock/rspec'
 # Code Coverage (only works with ruby >= 1.9)
 require 'simplecov' if RUBY_VERSION >= '1.9'
 
+RSpec::Expectations.configuration.warn_about_potential_false_positives = false
+
 require File.expand_path(File.dirname(__FILE__) + '/../lib/common/common_helper')
 
 SPEC_DIR                      = ROOT_DIR + '/spec'