remove support for ampersand-delimited cookie values

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8861 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
1 parent 8739390 commit 11787b802a1ea8152507e94940f9af394d343c4c @jamis jamis committed Feb 12, 2008
2 actionpack/CHANGELOG
@@ -1,5 +1,7 @@
*SVN*
+* Remove support for multivalued (e.g., '&'-delimited) cookies. [Jamis Buck]
+
* Fix problem with render :partial collections, records, and locals. #11057 [lotswholetime]
* Added support for naming concrete classes in sweeper declarations [DHH]
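Review bot: The new CHANGELOG line does not say that this is a backwards-incompatible change to cookie parsing. Applications that relied on a '&'-delimited cookie coming back as several values will now get a single value with the '&' characters left in it. Suggest stating that in the entry, for example "cookie values containing '&' are now returned as one value", so people upgrading know to check any code that reads multivalued cookies.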
7 actionpack/lib/action_controller/cgi_ext/cookie.rb
@@ -90,12 +90,11 @@ def self.parse(raw_cookie)
if raw_cookie
raw_cookie.split(/;\s?/).each do |pairs|
- name, values = pairs.split('=',2)
- next unless name and values
+ name, value = pairs.split('=',2)
+ next unless name and value
name = CGI::unescape(name)
- values = values.split('&').collect!{|v| CGI::unescape(v) }
unless cookies.has_key?(name)
- cookies[name] = new(name, *values)
+ cookies[name] = new(name, CGI::unescape(value))
end
end
end
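Review bot: In self.parse, the removed `values.split('&')` has no counterpart on the writing side in this hunk, so it is worth confirming how a cookie built with several values is serialised. If it is still joined with '&', it will now parse back as one string containing literal '&', and a round-trip test would catch that. The ordering in `new(name, CGI::unescape(value))` is right: the pair is split on the first '=' before unescaping, so an encoded '=' or '&' in the value cannot act as a delimiter. A short comment above that line saying the value is deliberately not split would stop the '&' handling from being reintroduced later.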
5 actionpack/test/controller/cookie_test.rb
@@ -132,4 +132,9 @@ def test_cookie_to_s_hash_default_not_secure_not_http_only
assert cookie_str !~ /secure/
assert cookie_str !~ /HttpOnly/
end
+
+ def test_cookies_should_not_be_split_on_ampersand_values
+ cookies = CGI::Cookie.parse('return_to=http://rubyonrails.org/search?term=api&scope=all&global=true')
+ assert_equal({"return_to" => ["http://rubyonrails.org/search?term=api&scope=all&global=true"]}, cookies)
+ end
end
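Review bot: test_cookies_should_not_be_split_on_ampersand_values covers only a single cookie with a raw '&'. Suggest adding a header with a second cookie after the `; ` separator, to show the ';' split still isolates the '&' value, and a value containing `%26`, to pin down that an encoded ampersand is unescaped to '&' and likewise left unsplit. Both are cases where a regression in parse would change what the application reads from return_to-style cookies.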

8 comments on commit 11787b8

@NZKoz
Ruby on Rails member

BECAUSE

Please raise this on the core list not in pithy one word comments on changesets that are now months old. In short, this change complies with the HTTP spec and lets you store URLs in there.

@NZKoz
Ruby on Rails member

Awesome, 6fold comment for no reason that makes me sound crotchety and angry when I was trying to make a joke…

@geoffgarside

Beeeeecaaaaause…. of the wonderful things that he does.. :D
