github/rails
1
1
Fork 0
mirror of https://github.com/github/rails.git synced 2026-01-31 01:08:19 -05:00
Code Issues Packages Projects Releases Wiki Activity

Added URL escaping of user and password when used through the UrlWriter

Browse Source 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6314 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
This commit is contained in:
David Heinemeier Hansson
2007-03-04 20:10:51 +00:00
parent a752099082
commit 4568c1d744
2 changed files with 9 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
actionpack/lib/action_controller/url_rewriter.rb
View File

@@ -111,7 +111,7 @@ module ActionController
def rewrite_authentication(options)
if options[:user] && options[:password]
"#{options.delete(:user)}:#{options.delete(:password)}@"
"#{CGI.escape(options.delete(:user))}:#{CGI.escape(options.delete(:password))}@"
else
""
end

9
actionpack/test/controller/url_rewriter_test.rb
View File

@@ -29,7 +29,14 @@ class UrlRewriterTests < Test::Unit::TestCase
@rewriter.rewrite(:user => "david", :password => "secret", :controller => 'c', :action => 'a', :id => 'i')
)
end
def test_user_name_and_password_with_escape_codes
assert_equal(
'http://openid.aol.com%2Fnextangler:one+two%3F@test.host/c/a/i',
@rewriter.rewrite(:user => "openid.aol.com/nextangler", :password => "one two?", :controller => 'c', :action => 'a', :id => 'i')
)
end
def test_overwrite_params
@params[:controller] = 'hi'
@params[:action] = 'bye'