author | David Heinemeier Hansson <david@loudthinking.com> | 2007-03-04 20:10:51 +0000 |
---|---|---|
committer | David Heinemeier Hansson <david@loudthinking.com> | 2007-03-04 20:10:51 +0000 |
commit | 4568c1d74424e2dcd370e9ee111ff61df2057fef (patch) | |
tree | f7727fcaa8335ee528b6b629326009d387b0f419 /actionpack | |
parent | a7520990827da336e3585557e575eb58c3c430ec (diff) | |
Added URL escaping of user and password when used through the UrlWriter
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6314 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Diffstat (limited to 'actionpack')
-rw-r--r-- | actionpack/lib/action_controller/url_rewriter.rb | 2 | ||||
-rw-r--r-- | actionpack/test/controller/url_rewriter_test.rb | 9 |
2 files changed, 9 insertions, 2 deletions
diff --git a/actionpack/lib/action_controller/url_rewriter.rb b/actionpack/lib/action_controller/url_rewriter.rb
index d2b324da96..66b77e405f 100644
--- a/actionpack/lib/action_controller/url_rewriter.rb
+++ b/actionpack/lib/action_controller/url_rewriter.rb
@@ -111,7 +111,7 @@ module ActionController
 def rewrite_authentication(options)
 if options[:user] && options[:password]
- "#{options.delete(:user)}:#{options.delete(:password)}@"
+ "#{CGI.escape(options.delete(:user))}:#{CGI.escape(options.delete(:password))}@"
 else
 ""
 end
diff --git a/actionpack/test/controller/url_rewriter_test.rb b/actionpack/test/controller/url_rewriter_test.rb
index 178f44f15f..fb3e318ffd 100644
--- a/actionpack/test/controller/url_rewriter_test.rb
+++ b/actionpack/test/controller/url_rewriter_test.rb
@@ -29,7 +29,14 @@ class UrlRewriterTests < Test::Unit::TestCase
 @rewriter.rewrite(:user => "david", :password => "secret", :controller => 'c', :action => 'a', :id => 'i')
 )
 end
-
+
+ def test_user_name_and_password_with_escape_codes
+ assert_equal(
+ 'http://openid.aol.com%2Fnextangler:one+two%3F@test.host/c/a/i',
+ @rewriter.rewrite(:user => "openid.aol.com/nextangler", :password => "one two?", :controller => 'c', :action => 'a', :id => 'i')
+ )
+ end
+
 def test_overwrite_params
 @params[:controller] = 'hi'
 @params[:action] = 'bye' |
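Review bot: In `rewrite_authentication` (url_rewriter.rb), `CGI.escape` applies form encoding, so a space in the user or password is written as `+`; in the userinfo part of a URL `+` is a literal plus sign, and a consumer that percent-decodes the credentials gets `one+two?` instead of `one two?`. Percent-encode the space instead, for example `CGI.escape(options.delete(:password).to_s).gsub('+', '%20')`, and do the same for `:user`. The expectation `one+two%3F` added in url_rewriter_test.rb pins the form-encoded result and would then read `one%20two%3F`. The `.to_s` keeps non-String values working: the old string interpolation accepted them, and `CGI.escape` probably does not. The enclosing module begins outside the hunk.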
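Review bot: `test_user_name_and_password_with_escape_codes` has no case with `@` or `:` inside the credentials, which are the characters that separate the userinfo from the host and the user from the password. Those are the inputs where a missing escape changes how the resulting URL is parsed, so they deserve their own assertion. For example, a constructed sample password `"p@ss:word"` should appear as `p%40ss%3Aword` in front of `@test.host`. The test class and its setup begin outside the hunk.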