From c8f7860d5034c2ab92c1a9fc3bc61cd5d80ee146 Mon Sep 17 00:00:00 2001
From: Jeremy Kemper <jeremy@bitsweat.net>
Date: Thu, 22 Feb 2007 01:17:28 +0000
Subject: CGI escape the session cookie.

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6200 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
---
 actionpack/lib/action_controller/session/cookie_store.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'actionpack/lib/action_controller')

diff --git a/actionpack/lib/action_controller/session/cookie_store.rb b/actionpack/lib/action_controller/session/cookie_store.rb
index 25717cc5e7..8763a4933a 100644
--- a/actionpack/lib/action_controller/session/cookie_store.rb
+++ b/actionpack/lib/action_controller/session/cookie_store.rb
@@ -81,13 +81,13 @@ class CGI::Session::CookieStore
     # Marshal a session hash into safe cookie data. Include an integrity hash.
     def marshal(session)
       data = Base64.encode64(Marshal.dump(session)).chop
-      "#{data}--#{generate_digest(data)}"
+      CGI.escape "#{data}--#{generate_digest(data)}"
     end
 
     # Unmarshal cookie data to a hash and verify its integrity.
     def unmarshal(cookie)
       if cookie
-        data, digest = cookie.split('--')
+        data, digest = CGI.unescape(cookie).split('--')
         raise TamperedWithCookie unless digest == generate_digest(data)
         Marshal.load(Base64.decode64(data))
       end
-- 
cgit v1.2.3