diff options
Diffstat (limited to 'actionpack')
| -rw-r--r-- | actionpack/CHANGELOG | 2 | ||||
| -rw-r--r-- | actionpack/lib/action_controller/caching.rb | 2 | ||||
| -rw-r--r-- | actionpack/test/controller/caching_test.rb | 14 |
3 files changed, 17 insertions, 1 deletions
diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG index f357945ed9..a42de8037e 100644 --- a/actionpack/CHANGELOG +++ b/actionpack/CHANGELOG @@ -1,5 +1,7 @@ *SVN* +* Added protection from trailing slashes on page caching #10229 [devrieda] + * Asset timestamps are appended, not prepended. Closes #10276 [mnaberez] * Minor inconsistency in description of render example. Closes #10029 [ScottSchram] diff --git a/actionpack/lib/action_controller/caching.rb b/actionpack/lib/action_controller/caching.rb index ce03a979f8..28426bd047 100644 --- a/actionpack/lib/action_controller/caching.rb +++ b/actionpack/lib/action_controller/caching.rb @@ -106,7 +106,7 @@ module ActionController #:nodoc: private def page_cache_file(path) - name = ((path.empty? || path == "/") ? "/index" : URI.unescape(path)) + name = (path.empty? || path == "/") ? "/index" : URI.unescape(path.chomp('/')) name << page_cache_extension unless (name.split('/').last || name).include? '.' return name end diff --git a/actionpack/test/controller/caching_test.rb b/actionpack/test/controller/caching_test.rb index 828b2fbf26..d6982fbc86 100644 --- a/actionpack/test/controller/caching_test.rb +++ b/actionpack/test/controller/caching_test.rb @@ -35,6 +35,10 @@ class PageCachingTestController < ActionController::Base expire_page("/index.html") head :ok end + + def trailing_slash + render :text => "Sneak attack" + end end class PageCachingTest < Test::Unit::TestCase @@ -91,6 +95,16 @@ class PageCachingTest < Test::Unit::TestCase get :expire_custom_path assert !File.exist?("#{FILE_STORE_PATH}/index.html") end + + def test_should_cache_without_trailing_slash_on_url + @controller.class.cache_page 'cached content', '/page_caching_test/trailing_slash' + assert File.exist?("#{FILE_STORE_PATH}/page_caching_test/trailing_slash.html") + end + + def test_should_cache_with_trailing_slash_on_url + @controller.class.cache_page 'cached content', '/page_caching_test/trailing_slash/' + assert File.exist?("#{FILE_STORE_PATH}/page_caching_test/trailing_slash.html") + end uses_mocha("should_cache_ok_at_custom_path") do def test_should_cache_ok_at_custom_path |