author | Andrew White <andyw@pixeltrix.co.uk> | 2013-12-02 05:03:37 +0000 |
---|---|---|
committer | Andrew White <andyw@pixeltrix.co.uk> | 2013-12-02 05:16:05 +0000 |
commit | d2e1caaab977829ad20a1e9a10abf87bd8e3e53f (patch) | |
tree | 0b578cc7f73f678081da23520606b1614eaa66a7 /actionpack/test/dispatch | |
parent | 8ab24bec2e47940f04a220c7baf5236ac1b41fdd (diff) | |
Try to escape each part of a path redirect route correctly

A path redirect may contain any and all parts of a url which have different
escaping rules for each part. This commit tries to escape each part correctly
by splitting the string into three chunks - path (which may also include a host),
query and fragment; then it applies the correct escape pattern to each part.

Whilst using `URI.parse` would be better, unfortunately the possible presence
of %{name} parameters in the path redirect string prevents us from using it so
we have to use a regular expression instead.

Fixes #13110.

Diffstat (limited to 'actionpack/test/dispatch')
-rw-r--r-- | actionpack/test/dispatch/routing_test.rb | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/actionpack/test/dispatch/routing_test.rb b/actionpack/test/dispatch/routing_test.rb index 3e9e90a950..aac808afda 100644 --- a/actionpack/test/dispatch/routing_test.rb +++ b/actionpack/test/dispatch/routing_test.rb @@ -3235,7 +3235,9 @@ class TestRedirectInterpolation < ActionDispatch::IntegrationTest get "/foo/:id" => redirect("/foo/bar/%{id}") get "/bar/:id" => redirect(:path => "/foo/bar/%{id}") + get "/baz/:id" => redirect("/baz?id=%{id}&foo=?&bar=1#id-%{id}") get "/foo/bar/:id" => ok + get "/baz" => ok end end @@ -3251,6 +3253,14 @@ class TestRedirectInterpolation < ActionDispatch::IntegrationTest verify_redirect "http://www.example.com/foo/bar/1%3E" end + test "path redirect escapes interpolated parameters correctly" do + get "/foo/1%201" + verify_redirect "http://www.example.com/foo/bar/1%201" + + get "/baz/1%201" + verify_redirect "http://www.example.com/baz?id=1+1&foo=?&bar=1#id-1%201" + end + private def verify_redirect(url, status=301) assert_equal status, @response.status |
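Review bot: The new route in the first hunk (`get "/baz/:id" => redirect("/baz?id=%{id}&foo=?&bar=1#id-%{id}")`) only covers the string form with a bare path, so the "path (which may also include a host)" case from the commit message has no fixture, and neither does the `:path =>` option form with a query or fragment. Consider adding one route whose redirect string starts with a host and one using `redirect(:path => ...)` with `?` and `#` in it, so the splitting regular expression is exercised on every shape it is meant to handle.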
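Review bot: The test added in the second hunk only interpolates a space (`get "/baz/1%201"`), which is the one character where query and fragment escaping merely differ in spelling (`1+1` versus `1%201`); it never passes a value containing `&`, `=`, `#` or `?`, which are the characters that would change the structure of the redirect URL if a part were escaped with the wrong pattern. Add requests whose `:id` carries those characters percent-encoded and assert that the resulting Location still has exactly the `id`, `foo` and `bar` parameters and a single fragment. A short comment noting that the literal `foo=?` in the template is expected to pass through unescaped would also help, and splitting the `/foo` and `/baz` assertions into separate tests would make a failure point at the part that regressed.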