Added URL escaping of user and password when used through the UrlWriter

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6314 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
author: David Heinemeier Hansson <david@loudthinking.com> 2007-03-04 20:10:51 +0000
committer: David Heinemeier Hansson <david@loudthinking.com> 2007-03-04 20:10:51 +0000
commit: 4568c1d74424e2dcd370e9ee111ff61df2057fef (patch)
tree: f7727fcaa8335ee528b6b629326009d387b0f419 /actionpack/lib
parent: a7520990827da336e3585557e575eb58c3c430ec (diff)
download: rails-4568c1d74424e2dcd370e9ee111ff61df2057fef.tar.gz
rails-4568c1d74424e2dcd370e9ee111ff61df2057fef.tar.bz2
rails-4568c1d74424e2dcd370e9ee111ff61df2057fef.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/actionpack/lib/action_controller/url_rewriter.rb b/actionpack/lib/action_controller/url_rewriter.rb
index d2b324da96..66b77e405f 100644
--- a/actionpack/lib/action_controller/url_rewriter.rb
+++ b/actionpack/lib/action_controller/url_rewriter.rb
@@ -111,7 +111,7 @@ module ActionController
       
       def rewrite_authentication(options)
         if options[:user] && options[:password]
-          "#{options.delete(:user)}:#{options.delete(:password)}@"
+          "#{CGI.escape(options.delete(:user))}:#{CGI.escape(options.delete(:password))}@"
         else
           ""
         end
author	David Heinemeier Hansson <david@loudthinking.com>	2007-03-04 20:10:51 +0000
committer	David Heinemeier Hansson <david@loudthinking.com>	2007-03-04 20:10:51 +0000
commit	4568c1d74424e2dcd370e9ee111ff61df2057fef (patch)
tree	f7727fcaa8335ee528b6b629326009d387b0f419 /actionpack/lib
parent	a7520990827da336e3585557e575eb58c3c430ec (diff)
download	rails-4568c1d74424e2dcd370e9ee111ff61df2057fef.tar.gz rails-4568c1d74424e2dcd370e9ee111ff61df2057fef.tar.bz2 rails-4568c1d74424e2dcd370e9ee111ff61df2057fef.zip