
Added URL escaping of user and password when used through the UrlWriter

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6314 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
1 parent a752099 commit 4568c1d74424e2dcd370e9ee111ff61df2057fef @dhh dhh committed
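--- a/actionpack/lib/action_controller/url_rewriter.rb
+++ b/actionpack/lib/action_controller/url_rewriter.rb
@@ -111,7 +111,7 @@ def rewrite_path(options)
 def rewrite_authentication(options)
 if options[:user] && options[:password]
- "#{options.delete(:user)}:#{options.delete(:password)}@"
+ "#{CGI.escape(options.delete(:user))}:#{CGI.escape(options.delete(:password))}@"
 else
 ""
 end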
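Review bot: `CGI.escape` on the changed line applies form encoding, so a space in the user or password is written as `+`, and a URI parser reading the userinfo part keeps that as a literal plus sign rather than a space; the credential the receiver decodes can then differ from the one supplied. Percent-encoding the space keeps the round trip exact, e.g. `CGI.escape(options.delete(:user).to_s).gsub('+', '%20')` and the same for `:password` (a real `+` in the input is already emitted as `%2B`, so the substitution is unambiguous). The `.to_s` is there because the old interpolation accepted any object, while `CGI.escape` would likely raise for a Symbol or Integer. The closing `end` of rewrite_authentication lies outside the hunk, and whether this file already requires `cgi` is not visible here.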
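--- a/actionpack/test/controller/url_rewriter_test.rb
+++ b/actionpack/test/controller/url_rewriter_test.rb
@@ -29,7 +29,14 @@ def test_user_name_and_password
 @rewriter.rewrite(:user => "david", :password => "secret", :controller => 'c', :action => 'a', :id => 'i')
 )
 end
-
+
+ def test_user_name_and_password_with_escape_codes
+ assert_equal(
+ 'http://openid.aol.com%2Fnextangler:one+two%3F@test.host/c/a/i',
+ @rewriter.rewrite(:user => "openid.aol.com/nextangler", :password => "one two?", :controller => 'c', :action => 'a', :id => 'i')
+ )
+ end
+
 def test_overwrite_params
 @params[:controller] = 'hi'
 @params[:action] = 'bye'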
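Review bot: The new test_user_name_and_password_with_escape_codes does not exercise `@` or `:` inside the credentials, which are the two characters that change how the authority part is parsed if they reach the URL unescaped. I would add a second case, for example `:password => "p@ss:word"`, and assert that the result contains `p%40ss%3Aword@test.host`, so a later change to the escaping cannot silently let the host boundary shift. The expected string also freezes the space as `+`; it is worth confirming that consumers of these URLs decode that back to a space in userinfo before pinning it in a test.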
