Added URL escaping of user and password when used through the UrlWriter

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6314 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

Added URL escaping of user and password when used through the UrlWriter
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6314 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
4568c1d7 · David Heinemeier Hansson · a7520990 · 4568c1d7 · 4568c1d7
Showing with 9 addition and 2 deletion

actionpack/lib/action_controller/url_rewriter.rb actionpack/lib/action_controller/url_rewriter.rb +1 -1

actionpack/test/controller/url_rewriter_test.rb actionpack/test/controller/url_rewriter_test.rb +8 -1

未找到文件。
--- a/actionpack/lib/action_controller/url_rewriter.rb
+++ b/actionpack/lib/action_controller/url_rewriter.rb
@@ -111,7 +111,7 @@ def rewrite_path(options)
      
      def rewrite_authentication(options)
        if options[:user] && options[:password]
-          "#{options.delete(:user)}:#{options.delete(:password)}@"
+          "#{CGI.escape(options.delete(:user))}:#{CGI.escape(options.delete(:password))}@"
        else
          ""
        end

--- a/actionpack/test/controller/url_rewriter_test.rb
+++ b/actionpack/test/controller/url_rewriter_test.rb
@@ -29,7 +29,14 @@ def test_user_name_and_password
      @rewriter.rewrite(:user => "david", :password => "secret", :controller => 'c', :action => 'a', :id => 'i')
    )
  end
-  
+
+  def test_user_name_and_password_with_escape_codes
+    assert_equal(
+      'http://openid.aol.com%2Fnextangler:one+two%3F@test.host/c/a/i',
+      @rewriter.rewrite(:user => "openid.aol.com/nextangler", :password => "one two?", :controller => 'c', :action => 'a', :id => 'i')
+    )
+  end
+
  def test_overwrite_params
    @params[:controller] = 'hi'
    @params[:action] = 'bye'