Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Escape the entire path before trying to recognize it (closes #3671)

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@4436 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  • Loading branch information...
commit 149f5cad856f14b53780619a3efc0258cdd4759b 1 parent 2ffc84d
@jamis jamis authored
View
2  actionpack/CHANGELOG
@@ -1,5 +1,7 @@
*SVN*
+* Escape the path before routing recognition. #3671
+
* Make sure :id and friends are unescaped properly. #5275 [me@julik.nl]
* Fix documentation for with_routing to reflect new reality. #5281 [rramdas@gmail.com]
View
3  actionpack/lib/action_controller/routing.rb
@@ -502,7 +502,7 @@ def match_extraction(next_capture)
hangon = (default ? "|| #{default.inspect}" : "if match[#{next_capture}]")
# All non code-related keys (such as :id, :slug) have to be unescaped as other CGI params
- "params[:#{key}] = match[#{next_capture}] && CGI.unescape(match[#{next_capture}]) #{hangon}"
+ "params[:#{key}] = match[#{next_capture}] #{hangon}"
end
def optionality_implied?
@@ -991,6 +991,7 @@ def recognize(request)
end
def recognize_path(path, environment={})
+ path = CGI.unescape(path)
routes.each do |route|
result = route.recognize(path, environment) and return result
end
View
9 actionpack/test/controller/routing_test.rb
@@ -1207,6 +1207,15 @@ def test_route_with_parameter_shell
end
end
+ def test_recognize_with_encoded_id_and_regex
+ set.draw do |map|
+ map.connect 'page/:id', :controller => 'pages', :action => 'show', :id => /[a-zA-Z0-9 ]+/
+ end
+
+ assert_equal({:controller => 'pages', :action => 'show', :id => '10'}, set.recognize_path('/page/10'))
+ assert_equal({:controller => 'pages', :action => 'show', :id => 'hello world'}, set.recognize_path('/page/hello+world'))
+ end
+
def test_recognize_with_conditions
Object.const_set(:PeopleController, Class.new)
Please sign in to comment.
Something went wrong with that request. Please try again.