Use CGI::Cookie::parse for request cookies until we officially deprecated CGI.

actionpack/lib/action_controller/rack_process.rb

@@ -49,21 +49,12 @@ def request_parameters
     def cookies
       return {} unless @env["HTTP_COOKIE"]
 
-      if @env["rack.request.cookie_string"] == @env["HTTP_COOKIE"]
-        @env["rack.request.cookie_hash"]
-      else
+      unless @env["rack.request.cookie_string"] == @env["HTTP_COOKIE"]
         @env["rack.request.cookie_string"] = @env["HTTP_COOKIE"]
-        # According to RFC 2109:
-        #   If multiple cookies satisfy the criteria above, they are ordered in
-        #   the Cookie header such that those with more specific Path attributes
-        #   precede those with less specific.  Ordering with respect to other
-        #   attributes (e.g., Domain) is unspecified.
-        @env["rack.request.cookie_hash"] =
-          parse_query(@env["rack.request.cookie_string"], ';,').inject({}) { |h, (k,v)|
-            h[k] = Array === v ? v.first : v
-            h
-          }
+        @env["rack.request.cookie_hash"] = CGI::Cookie::parse(@env["rack.request.cookie_string"])
       end
+
+      @env["rack.request.cookie_hash"]
     end
 
     def host_with_port_without_standard_port_handling
@@ -170,31 +161,6 @@ def stale_session_check!
       def session_options_with_string_keys
         @session_options_with_string_keys ||= DEFAULT_SESSION_OPTIONS.merge(@session_options).stringify_keys
       end
-
-      # From Rack::Utils
-      def parse_query(qs, d = '&;')
-        params = {}
-        (qs || '').split(/[#{d}] */n).inject(params) { |h,p|
-          k, v = unescape(p).split('=',2)
-          if cur = params[k]
-            if cur.class == Array
-              params[k] << v
-            else
-              params[k] = [cur, v]
-            end
-          else
-            params[k] = v
-          end
-        }
-
-        return params
-      end
-
-      def unescape(s)
-        s.tr('+', ' ').gsub(/((?:%[0-9a-fA-F]{2})+)/n){
-          [$1.delete('%')].pack('H*')
-        }
-      end
   end
 
   class RackResponse < AbstractResponse #:nodoc:

actionpack/test/controller/rack_test.rb

@@ -33,10 +33,10 @@ def setup
       "REDIRECT_STATUS" => "200",
       "REQUEST_METHOD" => "GET"
     }
+    @request = ActionController::RackRequest.new(@env)
     # some Nokia phone browsers omit the space after the semicolon separator.
     # some developers have grown accustomed to using comma in cookie values.
-    @alt_cookie_fmt_request_hash = {"HTTP_COOKIE"=>"_session_id=c84ace847,96670c052c6ceb2451fb0f2;is_admin=yes"}
-    @request = ActionController::RackRequest.new(@env)
+    @alt_cookie_fmt_request = ActionController::RackRequest.new(@env.merge({"HTTP_COOKIE"=>"_session_id=c84ace847,96670c052c6ceb2451fb0f2;is_admin=yes"}))
   end
 
   def default_test; end
@@ -100,11 +100,11 @@ def test_host_if_ipv6_reference_with_port
   end
 
   def test_cookie_syntax_resilience
-    cookies = CGI::Cookie::parse(@env["HTTP_COOKIE"]);
+    cookies = @request.cookies
     assert_equal ["c84ace84796670c052c6ceb2451fb0f2"], cookies["_session_id"], cookies.inspect
     assert_equal ["yes"], cookies["is_admin"], cookies.inspect
 
-    alt_cookies = CGI::Cookie::parse(@alt_cookie_fmt_request_hash["HTTP_COOKIE"]);
+    alt_cookies = @alt_cookie_fmt_request.cookies
     assert_equal ["c84ace847,96670c052c6ceb2451fb0f2"], alt_cookies["_session_id"], alt_cookies.inspect
     assert_equal ["yes"], alt_cookies["is_admin"], alt_cookies.inspect
   end