2 files changed, 89 insertions, 0 deletions

diff --git a/actionpack/test/action_dispatch/routing/mapper_test.rb b/actionpack/test/action_dispatch/routing/mapper_test.rb
new file mode 100644
index 0000000000..9966234f1b
--- /dev/null
+++ b/actionpack/test/action_dispatch/routing/mapper_test.rb
@@ -0,0 +1,51 @@
+require 'abstract_unit'
+
+module ActionDispatch
+  module Routing
+    class MapperTest < ActiveSupport::TestCase
+      class FakeSet
+        attr_reader :routes
+
+        def initialize
+          @routes = []
+        end
+
+        def resources_path_names
+          {}
+        end
+
+        def request_class
+          ActionDispatch::Request
+        end
+
+        def add_route(*args)
+          routes << args
+        end
+
+        def conditions
+          routes.map { |x| x[1] }
+        end
+      end
+
+      def test_initialize
+        Mapper.new FakeSet.new
+      end
+
+      def test_map_slash
+        fakeset = FakeSet.new
+        mapper = Mapper.new fakeset
+        mapper.match '/', :to => 'posts#index', :as => :main
+        assert_equal '/', fakeset.conditions.first[:path_info]
+      end
+
+      def test_map_more_slashes
+        fakeset = FakeSet.new
+        mapper = Mapper.new fakeset
+
+        # FIXME: is this a desired behavior?
+        mapper.match '/one/two/', :to => 'posts#index', :as => :main
+        assert_equal '/one/two(.:format)', fakeset.conditions.first[:path_info]
+      end
+    end
+  end
+end
diff --git a/actionpack/test/dispatch/request_test.rb b/actionpack/test/dispatch/request_test.rb
index dd5bf5ec2d..f03ae7f2b3 100644
--- a/actionpack/test/dispatch/request_test.rb
+++ b/actionpack/test/dispatch/request_test.rb
@@ -518,6 +518,44 @@ class RequestTest < ActiveSupport::TestCase
     assert_equal "1", request.params["step"]
   end
 
+  test "filtered_path returns path with filtered query string" do
+    %w(; &).each do |sep|
+      request = stub_request('QUERY_STRING' => %w(username=sikachu secret=bd4f21f api_key=b1bc3b3cd352f68d79d7).join(sep),
+        'PATH_INFO' => '/authenticate',
+        'action_dispatch.parameter_filter' => [:secret, :api_key])
+
+      path = request.filtered_path
+      assert_equal %w(/authenticate?username=sikachu secret=[FILTERED] api_key=[FILTERED]).join(sep), path
+    end
+  end
+
+  test "filtered_path should not unescape a genuine '[FILTERED]' value" do
+    request = stub_request('QUERY_STRING' => "secret=bd4f21f&genuine=%5BFILTERED%5D",
+      'PATH_INFO' => '/authenticate',
+      'action_dispatch.parameter_filter' => [:secret])
+
+    path = request.filtered_path
+    assert_equal "/authenticate?secret=[FILTERED]&genuine=%5BFILTERED%5D", path
+  end
+
+  test "filtered_path should preserve duplication of keys in query string" do
+    request = stub_request('QUERY_STRING' => "username=sikachu&secret=bd4f21f&username=fxn",
+      'PATH_INFO' => '/authenticate',
+      'action_dispatch.parameter_filter' => [:secret])
+
+    path = request.filtered_path
+    assert_equal "/authenticate?username=sikachu&secret=[FILTERED]&username=fxn", path
+  end
+
+  test "filtered_path should ignore searchparts" do
+    request = stub_request('QUERY_STRING' => "secret",
+      'PATH_INFO' => '/authenticate',
+      'action_dispatch.parameter_filter' => [:secret])
+
+    path = request.filtered_path
+    assert_equal "/authenticate?secret", path
+  end
+
 protected
 
   def stub_request(env = {})