Permalink
Browse files

Routing uses URI escaping for path components and CGI escaping for qu…

…ery parameters.

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@5803 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  • Loading branch information...
1 parent 5cf118b commit f9f84d9f6dea72cae4fc8e31448df408caccbd59 @jeremy jeremy committed Dec 28, 2006
View
@@ -1,5 +1,7 @@
*SVN*
+* Routing uses URI escaping for path components and CGI escaping for query parameters. [darix, Jeremy Kemper]
+
* Fix assert_redirected_to bug where redirecting from a nested to to a top-level controller incorrectly added the current controller's nesting. Closes #6128. [Rick Olson]
* Singleton resources: POST /singleton => create, GET /singleton/new => new. [Jeremy Kemper]
@@ -1,4 +1,5 @@
require 'cgi'
+require 'uri'
class Object
def to_param
@@ -601,7 +602,7 @@ def initialize(value = nil)
end
def interpolation_chunk
- raw? ? value : CGI.escape(value)
+ raw? ? value : URI.escape(value)
end
def regexp_chunk
@@ -682,7 +683,7 @@ def extraction_code
end
def interpolation_chunk
- "\#{CGI.escape(#{local_name}.to_s)}"
+ "\#{URI.escape(#{local_name}.to_s)}"
end
def string_structure(prior_segments)
@@ -731,7 +732,7 @@ def regexp_chunk
"(?i-:(#{(regexp || Regexp.union(*possible_names)).source}))"
end
- # Don't CGI.escape the controller name, since it may have slashes in it,
+ # Don't URI.escape the controller name, since it may have slashes in it,
# like admin/foo.
def interpolation_chunk
"\#{#{local_name}.to_s}"
@@ -753,9 +754,9 @@ def match_extraction(next_capture)
end
class PathSegment < DynamicSegment
- EscapedSlash = CGI.escape("/")
+ EscapedSlash = URI.escape("/")
def interpolation_chunk
- "\#{CGI.escape(#{local_name}.to_s).gsub(#{EscapedSlash.inspect}, '/')}"
+ "\#{URI.escape(#{local_name}.to_s).gsub(#{EscapedSlash.inspect}, '/')}"
end
def default
@@ -777,7 +778,7 @@ def regexp_chunk
class Result < ::Array #:nodoc:
def to_s() join '/' end
def self.new_escaped(strings)
- new strings.collect {|str| CGI.unescape str}
+ new strings.collect {|str| URI.unescape str}
end
end
end
@@ -1256,7 +1257,7 @@ def recognize(request)
end
def recognize_path(path, environment={})
- path = CGI.unescape(path)
+ path = URI.unescape(path)
routes.each do |route|
result = route.recognize(path, environment) and return result
end
@@ -207,8 +207,15 @@ def test_paths_escaped
map.path 'file/*path', :controller => 'content', :action => 'show_file'
map.connect ':controller/:action/:id'
end
+
+ # No + to space in URI escaping, only for query params.
results = rs.recognize_path "/file/hello+world/how+are+you%3F"
assert results, "Recognition should have succeeded"
+ assert_equal ['hello+world', 'how+are+you?'], results[:path]
+
+ # Use %20 for space instead.
+ results = rs.recognize_path "/file/hello%20world/how%20are%20you%3F"
+ assert results, "Recognition should have succeeded"
assert_equal ['hello world', 'how are you?'], results[:path]
results = rs.recognize_path "/file"
@@ -1457,11 +1464,11 @@ def test_non_path_route_requirements_match_all
def test_recognize_with_encoded_id_and_regex
set.draw do |map|
- map.connect 'page/:id', :controller => 'pages', :action => 'show', :id => /[a-zA-Z0-9 ]+/
+ map.connect 'page/:id', :controller => 'pages', :action => 'show', :id => /[a-zA-Z0-9\+]+/
end
assert_equal({:controller => 'pages', :action => 'show', :id => '10'}, set.recognize_path('/page/10'))
- assert_equal({:controller => 'pages', :action => 'show', :id => 'hello world'}, set.recognize_path('/page/hello+world'))
+ assert_equal({:controller => 'pages', :action => 'show', :id => 'hello+world'}, set.recognize_path('/page/hello+world'))
end
def test_recognize_with_conditions

0 comments on commit f9f84d9

Please sign in to comment.