From 65e36d31819d46ea5934fa8c7222dcec04490423 Mon Sep 17 00:00:00 2001
From: Takayuki Matsubara <takayuki.1229@gmail.com>
Date: Wed, 30 Dec 2015 00:12:01 +0900
Subject: Escape cookie's key and value in ActionController::TestCase

Get an incorrect cookie value in controller action method
if cookie value contains an escapable string.
---
 actionpack/lib/action_dispatch/middleware/cookies.rb | 2 +-
 actionpack/test/controller/test_case_test.rb         | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb
index 3477aa8b29..601b55cb8f 100644
--- a/actionpack/lib/action_dispatch/middleware/cookies.rb
+++ b/actionpack/lib/action_dispatch/middleware/cookies.rb
@@ -337,7 +337,7 @@ module ActionDispatch
       end
 
       def to_header
-        @cookies.map { |k,v| "#{k}=#{v}" }.join ';'
+        @cookies.map { |k,v| "#{::Rack::Utils.escape(k)}=#{::Rack::Utils.escape(v)}" }.join ';'
       end
 
       def handle_options(options) #:nodoc:
diff --git a/actionpack/test/controller/test_case_test.rb b/actionpack/test/controller/test_case_test.rb
index b9caddcdb7..a054477282 100644
--- a/actionpack/test/controller/test_case_test.rb
+++ b/actionpack/test/controller/test_case_test.rb
@@ -137,6 +137,11 @@ XML
       head :created, location: 'created resource'
     end
 
+    def read_cookie
+      cookies["foo"]
+      render plain: 'ok'
+    end
+
     def delete_cookie
       cookies.delete("foo")
       render plain: 'ok'
@@ -825,8 +830,10 @@ XML
 
   def test_should_have_knowledge_of_client_side_cookie_state_even_if_they_are_not_set
     cookies['foo'] = 'bar'
+    cookies['escape'] = '+'
     get :no_op
     assert_equal 'bar', cookies['foo']
+    assert_equal '+', cookies['escape']
   end
 
   def test_should_detect_if_cookie_is_deleted
-- 
cgit v1.2.3