-rw-r--r-- | actionpack/CHANGELOG | 2 | ||||
-rw-r--r-- | actionpack/lib/action_controller/cgi_ext/cookie.rb | 7 | ||||
-rw-r--r-- | actionpack/test/controller/cookie_test.rb | 5 |
3 files changed, 10 insertions, 4 deletions
diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG
index 166b2319ff..a718b4b8e0 100644
--- a/actionpack/CHANGELOG
+++ b/actionpack/CHANGELOG
@@ -1,5 +1,7 @@
 *SVN*
+* Remove support for multivalued (e.g., '&'-delimited) cookies. [Jamis Buck]
+
 * Fix problem with render :partial collections, records, and locals. #11057 [lotswholetime]
 * Added support for naming concrete classes in sweeper declarations [DHH]
diff --git a/actionpack/lib/action_controller/cgi_ext/cookie.rb b/actionpack/lib/action_controller/cgi_ext/cookie.rb
index c7ea1b6443..3dd374f126 100644
--- a/actionpack/lib/action_controller/cgi_ext/cookie.rb
+++ b/actionpack/lib/action_controller/cgi_ext/cookie.rb
@@ -90,12 +90,11 @@ class CGI #:nodoc:
 if raw_cookie
 raw_cookie.split(/;\s?/).each do |pairs|
- name, values = pairs.split('=',2)
- next unless name and values
+ name, value = pairs.split('=',2)
+ next unless name and value
 name = CGI::unescape(name)
- values = values.split('&').collect!{|v| CGI::unescape(v) }
 unless cookies.has_key?(name)
- cookies[name] = new(name, *values)
+ cookies[name] = new(name, CGI::unescape(value))
 end
 end
 end
diff --git a/actionpack/test/controller/cookie_test.rb b/actionpack/test/controller/cookie_test.rb
index 6a82a26261..0483fe918a 100644
--- a/actionpack/test/controller/cookie_test.rb
+++ b/actionpack/test/controller/cookie_test.rb
@@ -132,4 +132,9 @@ class CookieTest < Test::Unit::TestCase
 assert cookie_str !~ /secure/
 assert cookie_str !~ /HttpOnly/
 end
+
+ def test_cookies_should_not_be_split_on_ampersand_values
+ cookies = CGI::Cookie.parse('return_to=http://rubyonrails.org/search?term=api&scope=all&global=true')
+ assert_equal({"return_to" => ["http://rubyonrails.org/search?term=api&scope=all&global=true"]}, cookies)
+ end
 end |
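Review bot: The parse loop in cgi_ext/cookie.rb now treats '&' as data, but the serializing side is not in this hunk, so it is unclear whether a cookie written with several values still round-trips. If `to_s` (outside the hunk) still joins array values with '&', such a cookie would presumably come back as a single string with the separators embedded, and callers reading a second value would get nothing without any error. A comment above the split would make the contract explicit, e.g. `# One value per cookie: '&' is data (such as a URL query string), not a separator.` The unchanged `unless cookies.has_key?(name)` keeps the first occurrence of a repeated name; since the header is client-supplied, that precedence deserves a line in the same comment. The enclosing method starts and ends outside the hunk.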
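Review bot: The new test in cookie_test.rb pins only the raw-'&' case, so nothing exercises the `CGI::unescape(value)` call that the parser now applies to the whole value. An assertion with an encoded separator, for example `assert_equal({"k" => ["a&b"]}, CGI::Cookie.parse('k=a%26b'))` (constructed sample), would show that the value is decoded exactly once and not split afterwards. A second case with two `;`-separated pairs, one containing '&', would confirm that pair splitting and value handling stay independent.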