remove support for ampersand-delimited cookie values
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8861 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
parent
8739390134
commit
11787b802a
@ -1,5 +1,7 @@
|
||||
*SVN*
|
||||
|
||||
* Remove support for multivalued (e.g., '&'-delimited) cookies. [Jamis Buck]
|
||||
|
||||
* Fix problem with render :partial collections, records, and locals. #11057 [lotswholetime]
|
||||
|
||||
* Added support for naming concrete classes in sweeper declarations [DHH]
|
||||
|
@ -90,12 +90,11 @@ def self.parse(raw_cookie)
|
||||
|
||||
if raw_cookie
|
||||
raw_cookie.split(/;\s?/).each do |pairs|
|
||||
name, values = pairs.split('=',2)
|
||||
next unless name and values
|
||||
name, value = pairs.split('=',2)
|
||||
next unless name and value
|
||||
name = CGI::unescape(name)
|
||||
values = values.split('&').collect!{|v| CGI::unescape(v) }
|
||||
unless cookies.has_key?(name)
|
||||
cookies[name] = new(name, *values)
|
||||
cookies[name] = new(name, CGI::unescape(value))
|
||||
end
|
||||
end
|
||||
end
|
||||
|
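Review bot: An empty cookie value now parses differently and nothing in the hunk records it: for `foo=` the old `values.split('&')` produced no values at all, while `new(name, CGI::unescape(value))` passes one empty string, so a caller that tests for a missing first value would now see `""`. If that is intended, state it in a comment above the assignment, for example `# '&' is not a separator: the whole value, even an empty one, is kept as one string`. The unchanged `unless cookies.has_key?(name)` guard means the first occurrence of a repeated name wins, and because the name is unescaped before the lookup, differently encoded spellings of one name collide; this belongs in the same comment since it decides which cookie is honoured when a request carries duplicates. The body of `parse` starts and ends outside the hunk, so what it returns for a nil header is not visible here.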
@ -132,4 +132,9 @@ def test_cookie_to_s_hash_default_not_secure_not_http_only
|
||||
assert cookie_str !~ /secure/
|
||||
assert cookie_str !~ /HttpOnly/
|
||||
end
|
||||
|
||||
def test_cookies_should_not_be_split_on_ampersand_values
|
||||
cookies = CGI::Cookie.parse('return_to=http://rubyonrails.org/search?term=api&scope=all&global=true')
|
||||
assert_equal({"return_to" => ["http://rubyonrails.org/search?term=api&scope=all&global=true"]}, cookies)
|
||||
end
|
||||
end
|
||||
|
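Review bot: The added test pins only a value containing literal ampersands, so the other inputs whose result depends on the rewritten line in `parse` are unchecked: a percent-encoded ampersand and an empty value. An assertion such as `assert_equal({"a" => ["b&c"]}, CGI::Cookie.parse('a=b%26c'))` would confirm the value is unescaped exactly once and not split afterwards. A second one for `'a='` would fix the expected result for an empty value, which should be agreed on before it is written down. The enclosing test class begins outside the hunk.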