From 65e36d31819d46ea5934fa8c7222dcec04490423 Mon Sep 17 00:00:00 2001
From: Takayuki Matsubara <takayuki.1229@gmail.com>
Date: Wed, 30 Dec 2015 00:12:01 +0900
Subject: Escape cookie's key and value in ActionController::TestCase

Get an incorrect cookie value in controller action method
if cookie value contains an escapable string.
---
 actionpack/lib/action_dispatch/middleware/cookies.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'actionpack/lib/action_dispatch/middleware')

diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb
index 3477aa8b29..601b55cb8f 100644
--- a/actionpack/lib/action_dispatch/middleware/cookies.rb
+++ b/actionpack/lib/action_dispatch/middleware/cookies.rb
@@ -337,7 +337,7 @@ module ActionDispatch
       end
 
       def to_header
-        @cookies.map { |k,v| "#{k}=#{v}" }.join ';'
+        @cookies.map { |k,v| "#{::Rack::Utils.escape(k)}=#{::Rack::Utils.escape(v)}" }.join ';'
       end
 
       def handle_options(options) #:nodoc:
-- 
cgit v1.2.3