author | Andrew White <andyw@pixeltrix.co.uk> | 2012-04-29 21:19:18 +0100 |
---|---|---|
committer | Andrew White <andyw@pixeltrix.co.uk> | 2012-04-29 21:19:18 +0100 |
commit | b608cdd64c95d0d16eb98d86562e22f3b01be9e3 (patch) | |
tree | deb575f47ca2115b705e4cca40ebbba7f516992a /actionpack/test/dispatch | |
parent | 0df261a4d1557ef0c38d44fb7aa096c203ffaac5 (diff) | |
Escape interpolated params when redirecting - fixes #5688
Diffstat (limited to 'actionpack/test/dispatch')
-rw-r--r-- | actionpack/test/dispatch/routing_test.rb | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/actionpack/test/dispatch/routing_test.rb b/actionpack/test/dispatch/routing_test.rb
index 50b959cc39..9e522d44fa 100644
--- a/actionpack/test/dispatch/routing_test.rb
+++ b/actionpack/test/dispatch/routing_test.rb
@@ -2635,3 +2635,31 @@ class TestMultipleNestedController < ActionDispatch::IntegrationTest
 end
+class TestRedirectInterpolation < ActionDispatch::IntegrationTest
+ Routes = ActionDispatch::Routing::RouteSet.new.tap do |app|
+ app.draw do
+ ok = lambda { |env| [200, { 'Content-Type' => 'text/plain' }, []] }
+
+ get "/foo/:id" => redirect("/foo/bar/%{id}")
+ get "/foo/bar/:id" => ok
+ end
+ end
+
+ def app; Routes end
+
+ test "redirect escapes interpolated parameters" do
+ get "/foo/1%3E"
+ verify_redirect "http://www.example.com/foo/bar/1%3E"
+ end
+
+private
+ def verify_redirect(url, status=301)
+ assert_equal status, @response.status
+ assert_equal url, @response.headers['Location']
+ assert_equal expected_redirect_body(url), @response.body
+ end
+
+ def expected_redirect_body(url)
+ %(<html><body>You are being <a href="#{ERB::Util.h(url)}">redirected</a>.</body></html>)
+ end
+end |
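Review bot: The test `redirect escapes interpolated parameters` pins the escaping with a single input, `%3E`, so an implementation that re-escapes only angle brackets would still pass. The interpolated value ends up in both the `Location` header and the `href` of the redirect body, so I would add a second case with a character that matters inside an attribute, for example `get "/foo/1%22"` followed by `verify_redirect "http://www.example.com/foo/bar/1%22"` (constructed values; confirm the route matches them). A one-line comment above the test, such as `# the router unescapes :id, so redirect must re-escape it before interpolating`, would tell the next reader why the expected URL keeps the percent-encoding. The implementation is outside this diffstat, so it cannot be seen here whether other forms of `redirect` interpolate params as well; if they do, they deserve the same assertion.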