diff options
Diffstat (limited to 'actionpack')
-rw-r--r-- | actionpack/lib/action_controller/url_rewriter.rb | 2 | ||||
-rw-r--r-- | actionpack/test/controller/url_rewriter_test.rb | 9 |
2 files changed, 9 insertions, 2 deletions
diff --git a/actionpack/lib/action_controller/url_rewriter.rb b/actionpack/lib/action_controller/url_rewriter.rb index d2b324da96..66b77e405f 100644 --- a/actionpack/lib/action_controller/url_rewriter.rb +++ b/actionpack/lib/action_controller/url_rewriter.rb @@ -111,7 +111,7 @@ module ActionController def rewrite_authentication(options) if options[:user] && options[:password] - "#{options.delete(:user)}:#{options.delete(:password)}@" + "#{CGI.escape(options.delete(:user))}:#{CGI.escape(options.delete(:password))}@" else "" end diff --git a/actionpack/test/controller/url_rewriter_test.rb b/actionpack/test/controller/url_rewriter_test.rb index 178f44f15f..fb3e318ffd 100644 --- a/actionpack/test/controller/url_rewriter_test.rb +++ b/actionpack/test/controller/url_rewriter_test.rb @@ -29,7 +29,14 @@ class UrlRewriterTests < Test::Unit::TestCase @rewriter.rewrite(:user => "david", :password => "secret", :controller => 'c', :action => 'a', :id => 'i') ) end - + + def test_user_name_and_password_with_escape_codes + assert_equal( + 'http://openid.aol.com%2Fnextangler:one+two%3F@test.host/c/a/i', + @rewriter.rewrite(:user => "openid.aol.com/nextangler", :password => "one two?", :controller => 'c', :action => 'a', :id => 'i') + ) + end + def test_overwrite_params @params[:controller] = 'hi' @params[:action] = 'bye' |