Merge branch 'should-escape-cookie' of https://github.com/ma2gedev/rails into ma2gedev-should-escape-cookie

author: Andrew White <andrew.white@unboxedconsulting.com> 2016-02-16 05:24:59 +0000
committer: Andrew White <andrew.white@unboxedconsulting.com> 2016-02-16 05:24:59 +0000
commit: c032e633bd84a3569a20f0697263bf07f75441b8 (patch)
tree: 47c3fa1a5597a8484eea5539aa8976ba64f39923 /actionpack/lib
parent: 156c2cb571af8c2049e61c50232084a9351f428b (diff)
parent: 65e36d31819d46ea5934fa8c7222dcec04490423 (diff)
download: rails-c032e633bd84a3569a20f0697263bf07f75441b8.tar.gz
rails-c032e633bd84a3569a20f0697263bf07f75441b8.tar.bz2
rails-c032e633bd84a3569a20f0697263bf07f75441b8.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb
index 3477aa8b29..601b55cb8f 100644
--- a/actionpack/lib/action_dispatch/middleware/cookies.rb
+++ b/actionpack/lib/action_dispatch/middleware/cookies.rb
@@ -337,7 +337,7 @@ module ActionDispatch
       end
 
       def to_header
-        @cookies.map { |k,v| "#{k}=#{v}" }.join ';'
+        @cookies.map { |k,v| "#{::Rack::Utils.escape(k)}=#{::Rack::Utils.escape(v)}" }.join ';'
       end
 
       def handle_options(options) #:nodoc:
author	Andrew White <andrew.white@unboxedconsulting.com>	2016-02-16 05:24:59 +0000
committer	Andrew White <andrew.white@unboxedconsulting.com>	2016-02-16 05:24:59 +0000
commit	c032e633bd84a3569a20f0697263bf07f75441b8 (patch)
tree	47c3fa1a5597a8484eea5539aa8976ba64f39923 /actionpack/lib
parent	156c2cb571af8c2049e61c50232084a9351f428b (diff)
parent	65e36d31819d46ea5934fa8c7222dcec04490423 (diff)
download	rails-c032e633bd84a3569a20f0697263bf07f75441b8.tar.gz rails-c032e633bd84a3569a20f0697263bf07f75441b8.tar.bz2 rails-c032e633bd84a3569a20f0697263bf07f75441b8.zip