diff options
| author | edogawaconan <me@myconan.net> | 2014-04-07 15:34:21 +0900 |
|---|---|---|
| committer | Andrew White <andyw@pixeltrix.co.uk> | 2014-04-20 10:11:37 +0100 |
| commit | e2ef83f8387679ce540d745659a79dd13164f9b5 (patch) | |
| tree | 1b4bcc824cc62dd2fbd96032dd2a0601dbbc048e /actionpack | |
| parent | c524556e58bcacade1d67c057c0fa30c0bd13327 (diff) | |
| download | rails-e2ef83f8387679ce540d745659a79dd13164f9b5.tar.gz rails-e2ef83f8387679ce540d745659a79dd13164f9b5.tar.bz2 rails-e2ef83f8387679ce540d745659a79dd13164f9b5.zip | |
Always escape string passed to url helper.
Makes it clear that anything passed with the helper must not be percent encoded.
Fixes previous behavior which tricks people into believing passing
non-percent-encoded will generate a proper percent-encoded path while in
reality it doesn't ('%' isn't escaped).
The intention is nice but the heuristic is broken.
Diffstat (limited to 'actionpack')
| -rw-r--r-- | actionpack/lib/action_dispatch/journey/router/utils.rb | 2 | ||||
| -rw-r--r-- | actionpack/test/journey/router/utils_test.rb | 4 |
2 files changed, 3 insertions, 3 deletions
diff --git a/actionpack/lib/action_dispatch/journey/router/utils.rb b/actionpack/lib/action_dispatch/journey/router/utils.rb index d1a004af50..371de21f68 100644 --- a/actionpack/lib/action_dispatch/journey/router/utils.rb +++ b/actionpack/lib/action_dispatch/journey/router/utils.rb @@ -29,7 +29,7 @@ module ActionDispatch # Symbol captures can generate multiple path segments, so include /. reserved_segment = '/' reserved_fragment = '/?' - reserved_pchar = ':@&=+$,;%' + reserved_pchar = ':@&=+$,;' safe_pchar = "#{URI::REGEXP::PATTERN::UNRESERVED}#{reserved_pchar}" safe_segment = "#{safe_pchar}#{reserved_segment}" diff --git a/actionpack/test/journey/router/utils_test.rb b/actionpack/test/journey/router/utils_test.rb index 93348f4647..8b3a4e340a 100644 --- a/actionpack/test/journey/router/utils_test.rb +++ b/actionpack/test/journey/router/utils_test.rb @@ -5,11 +5,11 @@ module ActionDispatch class Router class TestUtils < ActiveSupport::TestCase def test_path_escape - assert_equal "a/b%20c+d", Utils.escape_path("a/b c+d") + assert_equal "a/b%20c+d%25", Utils.escape_path("a/b c+d%") end def test_fragment_escape - assert_equal "a/b%20c+d?e", Utils.escape_fragment("a/b c+d?e") + assert_equal "a/b%20c+d%25?e", Utils.escape_fragment("a/b c+d%?e") end def test_uri_unescape |