diff options
-rw-r--r-- | actionpack/CHANGELOG | 5 | ||||
-rwxr-xr-x | actionpack/lib/action_controller/cgi_ext/cgi_methods.rb | 3 | ||||
-rwxr-xr-x | actionpack/test/controller/cgi_test.rb | 16 |
3 files changed, 22 insertions, 2 deletions
diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG index 7093ae7a11..53e6fb0ceb 100644 --- a/actionpack/CHANGELOG +++ b/actionpack/CHANGELOG @@ -1,6 +1,9 @@ *SVN* -* Added cuba to country list #1351 [todd] +* Fixed query parser to deal gracefully with equal signs inside keys and values #1345 [gorou]. + Example: /?sig=abcdef=:foobar=&x=y will pass now. + +* Added Cuba to country list #1351 [todd] * Fixed radio_button to work with numeric values #1352 [demetrius] diff --git a/actionpack/lib/action_controller/cgi_ext/cgi_methods.rb b/actionpack/lib/action_controller/cgi_ext/cgi_methods.rb index 59439cf8e5..dc1b1189b5 100755 --- a/actionpack/lib/action_controller/cgi_ext/cgi_methods.rb +++ b/actionpack/lib/action_controller/cgi_ext/cgi_methods.rb @@ -11,7 +11,8 @@ class CGIMethods #:nodoc: parsed_params = {} query_string.split(/[&;]/).each { |p| - k, v = p.split('=') + k, v = p.split('=',2) + v = nil if (!v.nil? && v.empty?) k = CGI.unescape(k) unless k.nil? v = CGI.unescape(v) unless v.nil? diff --git a/actionpack/test/controller/cgi_test.rb b/actionpack/test/controller/cgi_test.rb index f0058d2bf8..1749eb0c80 100755 --- a/actionpack/test/controller/cgi_test.rb +++ b/actionpack/test/controller/cgi_test.rb @@ -21,6 +21,8 @@ class CGITest < Test::Unit::TestCase @query_string_with_amps = "action=create_customer&name=Don%27t+%26+Does" @query_string_with_multiple_of_same_name = "action=update_order&full_name=Lau%20Taarnskov&products=4&products=2&products=3" + @query_string_with_many_equal = "action=create_customer&full_name=abc=def=ghi" + @query_string_without_equal = "action" end def test_query_string @@ -51,6 +53,20 @@ class CGITest < Test::Unit::TestCase ) end + def test_query_string_with_many_equal + assert_equal( + { "action" => "create_customer", "full_name" => "abc=def=ghi"}, + CGIMethods.parse_query_parameters(@query_string_with_many_equal) + ) + end + + def test_query_string_without_equal + assert_equal( + { "action" => nil }, + CGIMethods.parse_query_parameters(@query_string_without_equal) + ) + end + def test_parse_params input = { "customers[boston][first][name]" => [ "David" ], |