-rw-r--r--actionpack/CHANGELOG5
-rwxr-xr-xactionpack/lib/action_controller/cgi_ext/cgi_methods.rb3
-rwxr-xr-xactionpack/test/controller/cgi_test.rb16
3 files changed, 22 insertions, 2 deletions
diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG
index 7093ae7a11..53e6fb0ceb 100644
--- a/actionpack/CHANGELOG
+++ b/actionpack/CHANGELOG
@@ -1,6 +1,9 @@
*SVN*
-* Added cuba to country list #1351 [todd]
+* Fixed query parser to deal gracefully with equal signs inside keys and values #1345 [gorou].
+ Example: /?sig=abcdef=:foobar=&x=y will pass now.
+
+* Added Cuba to country list #1351 [todd]
* Fixed radio_button to work with numeric values #1352 [demetrius]
diff --git a/actionpack/lib/action_controller/cgi_ext/cgi_methods.rb b/actionpack/lib/action_controller/cgi_ext/cgi_methods.rb
index 59439cf8e5..dc1b1189b5 100755
--- a/actionpack/lib/action_controller/cgi_ext/cgi_methods.rb
+++ b/actionpack/lib/action_controller/cgi_ext/cgi_methods.rb
@@ -11,7 +11,8 @@ class CGIMethods #:nodoc:
parsed_params = {}
query_string.split(/[&;]/).each { |p|
- k, v = p.split('=')
+ k, v = p.split('=',2)
+ v = nil if (!v.nil? && v.empty?)
k = CGI.unescape(k) unless k.nil?
v = CGI.unescape(v) unless v.nil?
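Review bot: The added `v = nil if (!v.nil? && v.empty?)` makes `key=` and a bare `key` both parse to nil, so code reading the parameters cannot tell a field submitted empty from one sent without a value, and nothing on the line says this is deliberate. It appears to preserve what the old unlimited `split('=')` did by dropping trailing empty fields; if so, say it with a comment such as `# "key=" stays nil, as it was before the split limit was added`, and the condition reads more simply as `v = nil if v && v.empty?`. Separately, a segment with no key (`a=1&&b=2`, or `=x`) still leaves `k` as nil or `""` after the split. How the rest of the method uses such a key lies outside this hunk, so check whether a `next if k.nil? || k.empty?` guard is needed there.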
diff --git a/actionpack/test/controller/cgi_test.rb b/actionpack/test/controller/cgi_test.rb
index f0058d2bf8..1749eb0c80 100755
--- a/actionpack/test/controller/cgi_test.rb
+++ b/actionpack/test/controller/cgi_test.rb
@@ -21,6 +21,8 @@ class CGITest < Test::Unit::TestCase
@query_string_with_amps = "action=create_customer&name=Don%27t+%26+Does"
@query_string_with_multiple_of_same_name =
"action=update_order&full_name=Lau%20Taarnskov&products=4&products=2&products=3"
+ @query_string_with_many_equal = "action=create_customer&full_name=abc=def=ghi"
+ @query_string_without_equal = "action"
end
def test_query_string
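Review bot: The fixtures added here, and the two tests in the next hunk that use them, do not cover a value that ends in `=`, which is the case the CHANGELOG example (`sig=abcdef=:foobar=`) describes. Padded base64 or signature parameters hit that case, and truncating them silently would break any verification done on the value. Add a fixture such as `@query_string_with_trailing_equal = "sig=abcdef=:foobar=&x=y"` with a test expecting `{ "sig" => "abcdef=:foobar=", "x" => "y" }`. Also add one for `"action="` so that the empty-value-to-nil coercion in cgi_methods.rb is pinned by a test rather than left implicit. The `setup` method these fixtures belong to starts outside this hunk.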
@@ -51,6 +53,20 @@ class CGITest < Test::Unit::TestCase
)
end
+ def test_query_string_with_many_equal
+ assert_equal(
+ { "action" => "create_customer", "full_name" => "abc=def=ghi"},
+ CGIMethods.parse_query_parameters(@query_string_with_many_equal)
+ )
+ end
+
+ def test_query_string_without_equal
+ assert_equal(
+ { "action" => nil },
+ CGIMethods.parse_query_parameters(@query_string_without_equal)
+ )
+ end
+
def test_parse_params
input = {
"customers[boston][first][name]" => [ "David" ],