From f6ced69a11cdff56c2e87b84e775ef09c6d999d1 Mon Sep 17 00:00:00 2001
From: Aaron Patterson <aaron.patterson@gmail.com>
Date: Tue, 6 Sep 2011 17:25:20 -0700
Subject: Eliminate newlines in basic auth. fixes #2882

---
 actionpack/lib/action_controller/metal/http_authentication.rb | 2 +-
 actionpack/test/controller/http_basic_authentication_test.rb  | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

(limited to 'actionpack')

diff --git a/actionpack/lib/action_controller/metal/http_authentication.rb b/actionpack/lib/action_controller/metal/http_authentication.rb
index 7420a5e7e9..264806cd36 100644
--- a/actionpack/lib/action_controller/metal/http_authentication.rb
+++ b/actionpack/lib/action_controller/metal/http_authentication.rb
@@ -145,7 +145,7 @@ module ActionController
       end
 
       def encode_credentials(user_name, password)
-        "Basic #{ActiveSupport::Base64.encode64("#{user_name}:#{password}")}"
+        "Basic #{ActiveSupport::Base64.encode64s("#{user_name}:#{password}")}"
       end
 
       def authentication_request(controller, realm)
diff --git a/actionpack/test/controller/http_basic_authentication_test.rb b/actionpack/test/controller/http_basic_authentication_test.rb
index bd3e13e6fa..364e96d4f6 100644
--- a/actionpack/test/controller/http_basic_authentication_test.rb
+++ b/actionpack/test/controller/http_basic_authentication_test.rb
@@ -85,6 +85,14 @@ class HttpBasicAuthenticationTest < ActionController::TestCase
     end
   end
 
+  def test_encode_credentials_has_no_newline
+    username = 'laskjdfhalksdjfhalkjdsfhalksdjfhklsdjhalksdjfhalksdjfhlakdsjfh'
+    password = 'kjfhueyt9485osdfasdkljfh4lkjhakldjfhalkdsjf'
+    result = ActionController::HttpAuthentication::Basic.encode_credentials(
+      username, password)
+    assert_no_match(/\n/, result)
+  end
+
   test "authentication request without credential" do
     get :display
 
-- 
cgit v1.2.3