diff options
author | Jamis Buck <jamis@37signals.com> | 2006-06-05 14:51:27 +0000 |
---|---|---|
committer | Jamis Buck <jamis@37signals.com> | 2006-06-05 14:51:27 +0000 |
commit | 2ffc84d23ff8f78bf43b277d64a4bcda51e932fc (patch) | |
tree | 83deb19800270a95aa41ad6a5ede5e66bdc1b4a3 /actionpack | |
parent | 332fcfaf6bee6b3ae0911e9bbe24ded9af757868 (diff) | |
download | rails-2ffc84d23ff8f78bf43b277d64a4bcda51e932fc.tar.gz rails-2ffc84d23ff8f78bf43b277d64a4bcda51e932fc.tar.bz2 rails-2ffc84d23ff8f78bf43b277d64a4bcda51e932fc.zip |
Make sure :id and friends are properly unescaped (closes #5275).
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@4435 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Diffstat (limited to 'actionpack')
-rw-r--r-- | actionpack/CHANGELOG | 2 | ||||
-rw-r--r-- | actionpack/lib/action_controller/routing.rb | 4 | ||||
-rw-r--r-- | actionpack/test/controller/routing_test.rb | 17 |
3 files changed, 22 insertions, 1 deletions
diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG index 4e8dc42889..f80caa8266 100644 --- a/actionpack/CHANGELOG +++ b/actionpack/CHANGELOG @@ -1,5 +1,7 @@ *SVN* +* Make sure :id and friends are unescaped properly. #5275 [me@julik.nl] + * Fix documentation for with_routing to reflect new reality. #5281 [rramdas@gmail.com] * Rewind readable CGI params so others may reread them (such as CGI::Session when passing the session id in a multipart form). #210 [mklame@atxeu.com, matthew@walker.wattle.id.au] diff --git a/actionpack/lib/action_controller/routing.rb b/actionpack/lib/action_controller/routing.rb index 9628c1f0ad..e1ad27fc3a 100644 --- a/actionpack/lib/action_controller/routing.rb +++ b/actionpack/lib/action_controller/routing.rb @@ -500,7 +500,9 @@ module ActionController end def match_extraction(next_capture) hangon = (default ? "|| #{default.inspect}" : "if match[#{next_capture}]") - "params[:#{key}] = match[#{next_capture}] #{hangon}" + + # All non code-related keys (such as :id, :slug) have to be unescaped as other CGI params + "params[:#{key}] = match[#{next_capture}] && CGI.unescape(match[#{next_capture}]) #{hangon}" end def optionality_implied? diff --git a/actionpack/test/controller/routing_test.rb b/actionpack/test/controller/routing_test.rb index 6388c6af03..acbf226a8c 100644 --- a/actionpack/test/controller/routing_test.rb +++ b/actionpack/test/controller/routing_test.rb @@ -241,6 +241,23 @@ class LegacyRouteSetTests < Test::Unit::TestCase assert_equal({:controller => "content", :action => 'show_page', :id => '10'}, rs.recognize_path("/page/10")) end + # For newer revision + def test_route_with_text_default + rs.draw do |map| + map.connect 'page/:id', :controller => 'content', :action => 'show_page', :id => 1 + map.connect ':controller/:action/:id' + end + + assert_equal '/page/foo', rs.generate(:controller => 'content', :action => 'show_page', :id => 'foo') + assert_equal({:controller => "content", :action => 'show_page', :id => 'foo'}, rs.recognize_path("/page/foo")) + + token = "\321\202\320\265\320\272\321\201\321\202" # 'text' in russian + escaped_token = CGI::escape(token) + + assert_equal '/page/' + escaped_token, rs.generate(:controller => 'content', :action => 'show_page', :id => token) + assert_equal({:controller => "content", :action => 'show_page', :id => token}, rs.recognize_path("/page/#{escaped_token}")) + end + def test_action_expiry assert_equal '/content', rs.generate({:controller => 'content'}, {:controller => 'content', :action => 'show'}) end |