Permalink
Browse files

Added URL escaping of user and password when used through the UrlWriter

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6314 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  • Loading branch information...
dhh committed Mar 4, 2007
1 parent a752099 commit 4568c1d74424e2dcd370e9ee111ff61df2057fef
@@ -111,7 +111,7 @@ def rewrite_path(options)
def rewrite_authentication(options)
if options[:user] && options[:password]
- "#{options.delete(:user)}:#{options.delete(:password)}@"
+ "#{CGI.escape(options.delete(:user))}:#{CGI.escape(options.delete(:password))}@"
else
""
end
@@ -29,7 +29,14 @@ def test_user_name_and_password
@rewriter.rewrite(:user => "david", :password => "secret", :controller => 'c', :action => 'a', :id => 'i')
)
end
-
+
+ def test_user_name_and_password_with_escape_codes
+ assert_equal(
+ 'http://openid.aol.com%2Fnextangler:one+two%3F@test.host/c/a/i',
+ @rewriter.rewrite(:user => "openid.aol.com/nextangler", :password => "one two?", :controller => 'c', :action => 'a', :id => 'i')
+ )
+ end
+
def test_overwrite_params
@params[:controller] = 'hi'
@params[:action] = 'bye'

0 comments on commit 4568c1d

Please sign in to comment.