Permalink
Browse files

bug : poor escaping of parameters (URI -> CGI) fixed, thanks nmaisonn…

…euve
  • Loading branch information...
1 parent c3f63f5 commit 468c7e3c9556495fad0e3a27a6f09901cb82949b @jmettraux jmettraux committed Jan 11, 2010
Showing with 22 additions and 2 deletions.
  1. +2 −0 CHANGELOG.txt
  2. +1 −0 CREDITS.txt
  3. +5 −2 lib/rufus/verbs/endpoint.rb
  4. +14 −0 test/dryrun_test.rb
View
@@ -4,6 +4,8 @@
== rufus-verbs - 1.0.0 not yet released
+- bug : poor escaping of parameters (URI -> CGI) fixed, thanks nmaisonneuve
+
== rufus-verbs - 0.10 released 2008/05/28
View
@@ -3,6 +3,7 @@
== Feedback
+Nicolas Maisonneuve : http://github.com/nmaisonneuve
Scott Sproule : fopen() result didn't have a read() method
Maik Schmidt : missing 'rufus-lru'
@@ -23,6 +23,7 @@
#++
+require 'cgi'
require 'uri'
require 'yaml' # for StringIO (at least for now)
require 'net/http'
@@ -488,8 +489,10 @@ def h_to_query (h, opts)
h.entries.collect { |k, v|
unless o(opts, :no_escape)
- k = URI.escape k.to_s
- v = URI.escape v.to_s
+ #k = URI.escape k.to_s
+ #v = URI.escape v.to_s
+ k = CGI.escape(k.to_s)
+ v = CGI.escape(v.to_s)
end
"#{k}=#{v}"
}.join('&')
View
@@ -66,4 +66,18 @@ def test_1
assert_equal "/other?a=A&b=B", req.path
end
+
+ def test_cgi_escape
+
+ ep = Rufus::Verbs::EndPoint.new(
+ :host => 'localhost',
+ :resource => 'whatever')
+
+ req = ep.post(
+ :dry_run => true,
+ :resource => 'other',
+ :query => { 'a' => 'A&A', 'b' => 'B?B' })
+
+ assert_equal "/other?a=A%26A&b=B%3FB", req.path
+ end
end

0 comments on commit 468c7e3

Please sign in to comment.