diff options
author | Joshua Peek <josh@joshpeek.com> | 2009-10-19 22:40:28 -0500 |
---|---|---|
committer | Joshua Peek <josh@joshpeek.com> | 2009-10-19 22:42:11 -0500 |
commit | 33258d713a4bc20b71e92fd656c923a7b189cd33 (patch) | |
tree | 7643ae0d616e45de517e03febac700598c34a3b6 /actionpack | |
parent | 16d245e79645954c20cb0a11ddaf447dc1ba1744 (diff) | |
download | rails-33258d713a4bc20b71e92fd656c923a7b189cd33.tar.gz rails-33258d713a4bc20b71e92fd656c923a7b189cd33.tar.bz2 rails-33258d713a4bc20b71e92fd656c923a7b189cd33.zip |
Fix brittle query string comparisons
Diffstat (limited to 'actionpack')
-rw-r--r-- | actionpack/test/template/url_helper_test.rb | 19 |
1 files changed, 13 insertions, 6 deletions
diff --git a/actionpack/test/template/url_helper_test.rb b/actionpack/test/template/url_helper_test.rb index cec53e479c..bf0b4ad3a7 100644 --- a/actionpack/test/template/url_helper_test.rb +++ b/actionpack/test/template/url_helper_test.rb @@ -26,7 +26,7 @@ class UrlHelperTest < ActionView::TestCase assert_equal "http://www.example.com?a=b&c=d", url_for(:a => 'b', :c => 'd', :escape => true) assert_equal "http://www.example.com?a=b&c=d", url_for(:a => 'b', :c => 'd', :escape => false) end - + def test_url_for_escaping_is_safety_aware assert url_for(:a => 'b', :c => 'd', :escape => true).html_safe?, "escaped urls should be html_safe?" assert !url_for(:a => 'b', :c => 'd', :escape => false).html_safe?, "non-escaped urls shouldn't be safe" @@ -54,7 +54,7 @@ class UrlHelperTest < ActionView::TestCase path = @view.url_for(:controller => :cheeses, :foo => :bar, :baz => :quux) - assert_equal '/cheeses?baz=quux&foo=bar', path + assert_equal '/cheeses?baz=quux&foo=bar', sort_query_string_params(path) end # todo: missing test cases @@ -284,21 +284,21 @@ class UrlHelperTest < ActionView::TestCase assert current_page?({ :action => "show", :controller => "weblog" }) assert current_page?("http://www.example.com/weblog/show") end - + def test_current_page_ignoring_params @controller.request = RequestMock.new("http://www.example.com/weblog/show?order=desc&page=1") @controller.url = "http://www.example.com/weblog/show?order=desc&page=1" assert current_page?({ :action => "show", :controller => "weblog" }) assert current_page?("http://www.example.com/weblog/show") end - + def test_current_page_with_params_that_match @controller.request = RequestMock.new("http://www.example.com/weblog/show?order=desc&page=1") @controller.url = "http://www.example.com/weblog/show?order=desc&page=1" assert current_page?({ :action => "show", :controller => "weblog", :order => "desc", :page => "1" }) assert current_page?("http://www.example.com/weblog/show?order=desc&page=1") end - + def test_link_unless_current @controller.request = RequestMock.new("http://www.example.com/weblog/show") @controller.url = "http://www.example.com/weblog/show" @@ -378,10 +378,17 @@ class UrlHelperTest < ActionView::TestCase assert_dom_equal "<script type=\"text/javascript\">eval(decodeURIComponent('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%61%20%68%72%65%66%3d%22%6d%61%69%6c%74%6f%3a%6d%65%40%64%6f%6d%61%69%6e%2e%63%6f%6d%22%3e%4d%79%20%65%6d%61%69%6c%3c%2f%61%3e%27%29%3b'))</script>", mail_to("me@domain.com", "My email", :encode => "javascript", :replace_at => "(at)", :replace_dot => "(dot)") assert_dom_equal "<script type=\"text/javascript\">eval(decodeURIComponent('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%61%20%68%72%65%66%3d%22%6d%61%69%6c%74%6f%3a%6d%65%40%64%6f%6d%61%69%6e%2e%63%6f%6d%22%3e%6d%65%28%61%74%29%64%6f%6d%61%69%6e%28%64%6f%74%29%63%6f%6d%3c%2f%61%3e%27%29%3b'))</script>", mail_to("me@domain.com", nil, :encode => "javascript", :replace_at => "(at)", :replace_dot => "(dot)") end - + def protect_against_forgery? false end + + private + def sort_query_string_params(uri) + path, qs = uri.split('?') + qs = qs.split('&').sort.join('&') if qs + qs ? "#{path}?#{qs}" : path + end end class UrlHelperController < ActionController::Base |