aboutsummaryrefslogtreecommitdiffstats
path: root/actionview
diff options
context:
space:
mode:
Diffstat (limited to 'actionview')
-rw-r--r--actionview/lib/action_view/helpers/url_helper.rb7
-rw-r--r--actionview/test/template/url_helper_test.rb8
2 files changed, 12 insertions, 3 deletions
diff --git a/actionview/lib/action_view/helpers/url_helper.rb b/actionview/lib/action_view/helpers/url_helper.rb
index 6bfcfad60a..db0fb40336 100644
--- a/actionview/lib/action_view/helpers/url_helper.rb
+++ b/actionview/lib/action_view/helpers/url_helper.rb
@@ -528,17 +528,18 @@ module ActionView
return false unless request.get? || request.head?
- url_string = url_for(options)
+ url_string = URI.unescape(url_for(options)).force_encoding(Encoding::BINARY)
# We ignore any extra parameters in the request_uri if the
# submitted url doesn't have any either. This lets the function
# work with things like ?order=asc
request_uri = url_string.index("?") ? request.fullpath : request.path
+ request_uri = URI.unescape(request_uri).force_encoding(Encoding::BINARY)
if url_string =~ /^\w+:\/\//
- URI.unescape(url_string) == URI.unescape("#{request.protocol}#{request.host_with_port}#{request_uri}")
+ url_string == "#{request.protocol}#{request.host_with_port}#{request_uri}"
else
- URI.unescape(url_string) == URI.unescape(request_uri)
+ url_string == request_uri
end
end
diff --git a/actionview/test/template/url_helper_test.rb b/actionview/test/template/url_helper_test.rb
index 9d9bd01de0..d512fa9913 100644
--- a/actionview/test/template/url_helper_test.rb
+++ b/actionview/test/template/url_helper_test.rb
@@ -408,6 +408,14 @@ class UrlHelperTest < ActiveSupport::TestCase
assert current_page?(controller: 'foo', action: 'category', category: 'administração')
end
+ def test_current_page_with_escaped_params_with_different_encoding
+ @request = request_for_url("/")
+ @request.stub(:path, "/category/administra%c3%a7%c3%a3o".force_encoding(Encoding::ASCII_8BIT)) do
+ assert current_page?(:controller => 'foo', :action => 'category', category: 'administração')
+ assert current_page?("http://www.example.com/category/administra%c3%a7%c3%a3o")
+ end
+ end
+
def test_current_page_with_double_escaped_params
@request = request_for_url("/category/administra%c3%a7%c3%a3o?callback_url=http%3a%2f%2fexample.com%2ffoo")
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-27 23:18:17 +0000