diff options
| author | Rich Cavanaugh <cavanaugh@fatjam.com> | 2008-05-12 15:25:56 -0700 |
|---|---|---|
| committer | Jeremy Kemper <jeremy@bitsweat.net> | 2008-05-12 15:26:19 -0700 |
| commit | a425cd147363a0e8d7e17177ef252dd760197f15 (patch) | |
| tree | d992a97129c45fe67028e8ba372164cd4ca03568 /actionpack/test/controller | |
| parent | cde6a259bf46cdaf1f2fe5fdeb84478ca8fc3046 (diff) | |
| download | rails-a425cd147363a0e8d7e17177ef252dd760197f15.tar.gz rails-a425cd147363a0e8d7e17177ef252dd760197f15.tar.bz2 rails-a425cd147363a0e8d7e17177ef252dd760197f15.zip | |
Don't double-escape cookie store data. Don't split cookie values with newlines into an array. [#130 state:resolved]
Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
Diffstat (limited to 'actionpack/test/controller')
| -rw-r--r-- | actionpack/test/controller/cookie_test.rb | 5 | ||||
| -rwxr-xr-x | actionpack/test/controller/session/cookie_store_test.rb | 16 |
2 files changed, 19 insertions, 2 deletions
diff --git a/actionpack/test/controller/cookie_test.rb b/actionpack/test/controller/cookie_test.rb index 42f3bd26a4..b8f3c629f4 100644 --- a/actionpack/test/controller/cookie_test.rb +++ b/actionpack/test/controller/cookie_test.rb @@ -137,4 +137,9 @@ class CookieTest < Test::Unit::TestCase cookies = CGI::Cookie.parse('return_to=http://rubyonrails.org/search?term=api&scope=all&global=true') assert_equal({"return_to" => ["http://rubyonrails.org/search?term=api&scope=all&global=true"]}, cookies) end + + def test_cookies_should_not_be_split_on_values_with_newlines + cookies = CGI::Cookie.new("name" => "val", "value" => "this\nis\na\ntest") + assert cookies.size == 1 + end end diff --git a/actionpack/test/controller/session/cookie_store_test.rb b/actionpack/test/controller/session/cookie_store_test.rb index d308f2a31b..5adaeaf5c5 100755 --- a/actionpack/test/controller/session/cookie_store_test.rb +++ b/actionpack/test/controller/session/cookie_store_test.rb @@ -43,7 +43,9 @@ class CookieStoreTest < Test::Unit::TestCase { :empty => ['BAgw--0686dcaccc01040f4bd4f35fe160afe9bc04c330', {}], :a_one => ['BAh7BiIGYWkG--5689059497d7f122a7119f171aef81dcfd807fec', { 'a' => 1 }], :typical => ['BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7BiILbm90aWNlIgxIZXkgbm93--9d20154623b9eeea05c62ab819be0e2483238759', { 'user_id' => 123, 'flash' => { 'notice' => 'Hey now' }}], - :flashed => ['BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7AA%3D%3D--bf9785a666d3c4ac09f7fe3353496b437546cfbf', { 'user_id' => 123, 'flash' => {} }] } + :flashed => ['BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7AA==--bf9785a666d3c4ac09f7fe3353496b437546cfbf', { 'user_id' => 123, 'flash' => {} }], + :double_escaped => [CGI.escape('BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7AA%3D%3D--bf9785a666d3c4ac09f7fe3353496b437546cfbf'), { 'user_id' => 123, 'flash' => {} }] } + end def setup @@ -101,6 +103,15 @@ class CookieStoreTest < Test::Unit::TestCase end end + def test_restores_double_encoded_cookies + set_cookie! cookie_value(:double_escaped) + new_session do |session| + session.dbman.restore + assert_equal session["user_id"], 123 + assert_equal session["flash"], {} + end + end + def test_close_doesnt_write_cookie_if_data_is_blank new_session do |session| assert_no_cookies session @@ -241,6 +252,7 @@ class CookieStoreWithMD5DigestTest < CookieStoreTest { :empty => ['BAgw--0415cc0be9579b14afc22ee2d341aa21', {}], :a_one => ['BAh7BiIGYWkG--5a0ed962089cc6600ff44168a5d59bc8', { 'a' => 1 }], :typical => ['BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7BiILbm90aWNlIgxIZXkgbm93--f426763f6ef435b3738b493600db8d64', { 'user_id' => 123, 'flash' => { 'notice' => 'Hey now' }}], - :flashed => ['BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7AA%3D%3D--0af9156650dab044a53a91a4ddec2c51', { 'user_id' => 123, 'flash' => {} }] } + :flashed => ['BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7AA==--0af9156650dab044a53a91a4ddec2c51', { 'user_id' => 123, 'flash' => {} }], + :double_escaped => [CGI.escape('BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7AA%3D%3D--0af9156650dab044a53a91a4ddec2c51'), { 'user_id' => 123, 'flash' => {} }] } end end |