SafeBuffer#gsub is broken

[ConradIrwin]

The latest patch breaks $-variable binding in the callback to gsub on SafeStrings:

before:
"a".html_safe.gsub(/(a)/) { $1 } == "a"
after:
"a".html_safe.gsub(/(a)/) { $1 } == ""

We noticed this because CGI::escape uses this behaviour, so if you pass a safe buffer as a URL argument to a url helper, you will get an exception, a snippet from our codebase:

link_to "Please log in", login_url(:return_to => url_for(params))

# The error occurred while evaluating nil.size
# /home/conrad/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/cgi.rb:343:in `escape'

This is because $ variables are bound in the scope of the immediate caller to String#gsub not in the scope of the block you pass in.

[reinh]

+1

[simianarmy]

+1 for me too. Reproduce with this code:

https://gist.github.com/1281815

[simianarmy]

I found a fix by Matz from a really old thread (2003!) (http://www.justskins.com/forums/bug-when-rerouting-string-52852.html).
I tried it & it worked for me...I will add as pull request if you want to use it.
simianarmy@fde57a4

• Update:
  Just tested on Ruby 1.9.2...it doesn't work. That fix causes the error message:
  wrong argument type Proc (expected Binding)

[korny]

Damn. I resorted to overwriting CGI::escape:

def CGI::escape(string)
  string.gsub(/([^ a-zA-Z0-9_.-]+)/n) do |unsafe|
    '%' + unsafe.unpack('H2' * unsafe.size).join('%').upcase
  end.tr(' ', '+')
end

Matz' trick may work, but it's too strange for me ;-)

Edit: I see that CGI.escape is not the only affected method. So, I'm using simianarmy's workaround now. Thank you for this!