Escape cookie's key and value in ActionController::TestCase

Get an incorrect cookie value in controller action method if cookie value contains an escapable string.

Escape cookie's key and value in ActionController::TestCase
Get an incorrect cookie value in controller action method if cookie value contains an escapable string.
65e36d31 · Takayuki Matsubara · 929c6157 · 65e36d31 · 65e36d31
Showing with 8 addition and 1 deletion

actionpack/lib/action_dispatch/middleware/cookies.rb actionpack/lib/action_dispatch/middleware/cookies.rb +1 -1

actionpack/test/controller/test_case_test.rb actionpack/test/controller/test_case_test.rb +7 -0

未找到文件。
--- a/actionpack/lib/action_dispatch/middleware/cookies.rb
+++ b/actionpack/lib/action_dispatch/middleware/cookies.rb
@@ -337,7 +337,7 @@ def update_cookies_from_jar
      end

      def to_header
-        @cookies.map { |k,v| "#{k}=#{v}" }.join ';'
+        @cookies.map { |k,v| "#{::Rack::Utils.escape(k)}=#{::Rack::Utils.escape(v)}" }.join ';'
      end

      def handle_options(options) #:nodoc:

--- a/actionpack/test/controller/test_case_test.rb
+++ b/actionpack/test/controller/test_case_test.rb
@@ -137,6 +137,11 @@ def create
      head :created, location: 'created resource'
    end

+    def read_cookie
+      cookies["foo"]
+      render plain: 'ok'
+    end
+
    def delete_cookie
      cookies.delete("foo")
      render plain: 'ok'
@@ -825,8 +830,10 @@ def test_request_format_kwarg_overrides_params

  def test_should_have_knowledge_of_client_side_cookie_state_even_if_they_are_not_set
    cookies['foo'] = 'bar'
+    cookies['escape'] = '+'
    get :no_op
    assert_equal 'bar', cookies['foo']
+    assert_equal '+', cookies['escape']
  end

  def test_should_detect_if_cookie_is_deleted