aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test
diff options
context:
space:
mode:
authorJoshua Peek <josh@joshpeek.com>2009-10-19 22:40:28 -0500
committerJoshua Peek <josh@joshpeek.com>2009-10-19 22:42:11 -0500
commit33258d713a4bc20b71e92fd656c923a7b189cd33 (patch)
tree7643ae0d616e45de517e03febac700598c34a3b6 /actionpack/test
parent16d245e79645954c20cb0a11ddaf447dc1ba1744 (diff)
downloadrails-33258d713a4bc20b71e92fd656c923a7b189cd33.tar.gz
rails-33258d713a4bc20b71e92fd656c923a7b189cd33.tar.bz2
rails-33258d713a4bc20b71e92fd656c923a7b189cd33.zip
Fix brittle query string comparisons
Diffstat (limited to 'actionpack/test')
-rw-r--r--actionpack/test/template/url_helper_test.rb19
1 files changed, 13 insertions, 6 deletions
diff --git a/actionpack/test/template/url_helper_test.rb b/actionpack/test/template/url_helper_test.rb
index cec53e479c..bf0b4ad3a7 100644
--- a/actionpack/test/template/url_helper_test.rb
+++ b/actionpack/test/template/url_helper_test.rb
@@ -26,7 +26,7 @@ class UrlHelperTest < ActionView::TestCase
assert_equal "http://www.example.com?a=b&amp;c=d", url_for(:a => 'b', :c => 'd', :escape => true)
assert_equal "http://www.example.com?a=b&c=d", url_for(:a => 'b', :c => 'd', :escape => false)
end
-
+
def test_url_for_escaping_is_safety_aware
assert url_for(:a => 'b', :c => 'd', :escape => true).html_safe?, "escaped urls should be html_safe?"
assert !url_for(:a => 'b', :c => 'd', :escape => false).html_safe?, "non-escaped urls shouldn't be safe"
@@ -54,7 +54,7 @@ class UrlHelperTest < ActionView::TestCase
path = @view.url_for(:controller => :cheeses, :foo => :bar, :baz => :quux)
- assert_equal '/cheeses?baz=quux&foo=bar', path
+ assert_equal '/cheeses?baz=quux&foo=bar', sort_query_string_params(path)
end
# todo: missing test cases
@@ -284,21 +284,21 @@ class UrlHelperTest < ActionView::TestCase
assert current_page?({ :action => "show", :controller => "weblog" })
assert current_page?("http://www.example.com/weblog/show")
end
-
+
def test_current_page_ignoring_params
@controller.request = RequestMock.new("http://www.example.com/weblog/show?order=desc&page=1")
@controller.url = "http://www.example.com/weblog/show?order=desc&page=1"
assert current_page?({ :action => "show", :controller => "weblog" })
assert current_page?("http://www.example.com/weblog/show")
end
-
+
def test_current_page_with_params_that_match
@controller.request = RequestMock.new("http://www.example.com/weblog/show?order=desc&page=1")
@controller.url = "http://www.example.com/weblog/show?order=desc&page=1"
assert current_page?({ :action => "show", :controller => "weblog", :order => "desc", :page => "1" })
assert current_page?("http://www.example.com/weblog/show?order=desc&amp;page=1")
end
-
+
def test_link_unless_current
@controller.request = RequestMock.new("http://www.example.com/weblog/show")
@controller.url = "http://www.example.com/weblog/show"
@@ -378,10 +378,17 @@ class UrlHelperTest < ActionView::TestCase
assert_dom_equal "<script type=\"text/javascript\">eval(decodeURIComponent('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%61%20%68%72%65%66%3d%22%6d%61%69%6c%74%6f%3a%6d%65%40%64%6f%6d%61%69%6e%2e%63%6f%6d%22%3e%4d%79%20%65%6d%61%69%6c%3c%2f%61%3e%27%29%3b'))</script>", mail_to("me@domain.com", "My email", :encode => "javascript", :replace_at => "(at)", :replace_dot => "(dot)")
assert_dom_equal "<script type=\"text/javascript\">eval(decodeURIComponent('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%61%20%68%72%65%66%3d%22%6d%61%69%6c%74%6f%3a%6d%65%40%64%6f%6d%61%69%6e%2e%63%6f%6d%22%3e%6d%65%28%61%74%29%64%6f%6d%61%69%6e%28%64%6f%74%29%63%6f%6d%3c%2f%61%3e%27%29%3b'))</script>", mail_to("me@domain.com", nil, :encode => "javascript", :replace_at => "(at)", :replace_dot => "(dot)")
end
-
+
def protect_against_forgery?
false
end
+
+ private
+ def sort_query_string_params(uri)
+ path, qs = uri.split('?')
+ qs = qs.split('&').sort.join('&') if qs
+ qs ? "#{path}?#{qs}" : path
+ end
end
class UrlHelperController < ActionController::Base