From a895be0259eb2e47fab8de3c8d30c700a304d441 Mon Sep 17 00:00:00 2001
From: David Heinemeier Hansson <david@loudthinking.com>
Date: Thu, 16 Jun 2005 06:42:49 +0000
Subject: Fixed query parser to deal gracefully with equal signs inside keys
 and values #1345 [gorou]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@1441 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
---
 actionpack/CHANGELOG                                    |  5 ++++-
 actionpack/lib/action_controller/cgi_ext/cgi_methods.rb |  3 ++-
 actionpack/test/controller/cgi_test.rb                  | 16 ++++++++++++++++
 3 files changed, 22 insertions(+), 2 deletions(-)

(limited to 'actionpack')

diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG
index 7093ae7a11..53e6fb0ceb 100644
--- a/actionpack/CHANGELOG
+++ b/actionpack/CHANGELOG
@@ -1,6 +1,9 @@
 *SVN*
 
-* Added cuba to country list #1351 [todd]
+* Fixed query parser to deal gracefully with equal signs inside keys and values #1345 [gorou]. 
+  Example: /?sig=abcdef=:foobar=&x=y will pass now. 
+
+* Added Cuba to country list #1351 [todd]
 
 * Fixed radio_button to work with numeric values #1352 [demetrius]
 
diff --git a/actionpack/lib/action_controller/cgi_ext/cgi_methods.rb b/actionpack/lib/action_controller/cgi_ext/cgi_methods.rb
index 59439cf8e5..dc1b1189b5 100755
--- a/actionpack/lib/action_controller/cgi_ext/cgi_methods.rb
+++ b/actionpack/lib/action_controller/cgi_ext/cgi_methods.rb
@@ -11,7 +11,8 @@ class CGIMethods #:nodoc:
       parsed_params = {}
   
       query_string.split(/[&;]/).each { |p| 
-        k, v = p.split('=')
+        k, v = p.split('=',2)
+        v = nil if (!v.nil? && v.empty?)
 
         k = CGI.unescape(k) unless k.nil?
         v = CGI.unescape(v) unless v.nil?
diff --git a/actionpack/test/controller/cgi_test.rb b/actionpack/test/controller/cgi_test.rb
index f0058d2bf8..1749eb0c80 100755
--- a/actionpack/test/controller/cgi_test.rb
+++ b/actionpack/test/controller/cgi_test.rb
@@ -21,6 +21,8 @@ class CGITest < Test::Unit::TestCase
     @query_string_with_amps  = "action=create_customer&name=Don%27t+%26+Does"
     @query_string_with_multiple_of_same_name = 
       "action=update_order&full_name=Lau%20Taarnskov&products=4&products=2&products=3"
+    @query_string_with_many_equal = "action=create_customer&full_name=abc=def=ghi"
+    @query_string_without_equal = "action"
   end
 
   def test_query_string
@@ -51,6 +53,20 @@ class CGITest < Test::Unit::TestCase
     )    
   end
   
+  def test_query_string_with_many_equal
+    assert_equal(
+      { "action" => "create_customer", "full_name" => "abc=def=ghi"},
+      CGIMethods.parse_query_parameters(@query_string_with_many_equal)
+    )    
+  end
+  
+  def test_query_string_without_equal
+    assert_equal(
+      { "action" => nil },
+      CGIMethods.parse_query_parameters(@query_string_without_equal)
+    )    
+  end
+  
   def test_parse_params
     input = {
       "customers[boston][first][name]" => [ "David" ],
-- 
cgit v1.2.3