mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
Fixed optimized route segment escaping. Closes #9562.
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7487 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
This commit is contained in:
parent
3f29043f45
commit
148202d401
4 changed files with 38 additions and 30 deletions
|
@ -1,5 +1,7 @@
|
|||
*SVN*
|
||||
|
||||
* Fixed optimized route segment escaping. #9562 [wildchild, Jeremy Kemper]
|
||||
|
||||
* root_path returns '/' not ''. #9563 [lifofifo]
|
||||
|
||||
* Fixed that setting request.format should also affect respond_to blocks [DHH]
|
||||
|
|
|
@ -718,8 +718,8 @@ module ActionController
|
|||
s << "\n#{expiry_statement}"
|
||||
end
|
||||
|
||||
def interpolation_chunk
|
||||
"\#{URI.escape(#{local_name}.to_s, ActionController::Routing::Segment::UNSAFE_PCHAR)}"
|
||||
def interpolation_chunk(value_code = "#{local_name}.to_s")
|
||||
"\#{URI.escape(#{value_code}, ActionController::Routing::Segment::UNSAFE_PCHAR)}"
|
||||
end
|
||||
|
||||
def string_structure(prior_segments)
|
||||
|
@ -776,8 +776,8 @@ module ActionController
|
|||
end
|
||||
|
||||
# Don't URI.escape the controller name since it may contain slashes.
|
||||
def interpolation_chunk
|
||||
"\#{#{local_name}.to_s}"
|
||||
def interpolation_chunk(value_code = "#{local_name}.to_s")
|
||||
"\#{#{value_code}}"
|
||||
end
|
||||
|
||||
# Make sure controller names like Admin/Content are correctly normalized to
|
||||
|
@ -799,8 +799,8 @@ module ActionController
|
|||
RESERVED_PCHAR = "#{Segment::RESERVED_PCHAR}/"
|
||||
UNSAFE_PCHAR = Regexp.new("[^#{URI::REGEXP::PATTERN::UNRESERVED}#{RESERVED_PCHAR}]", false, 'N').freeze
|
||||
|
||||
def interpolation_chunk
|
||||
"\#{URI.escape(#{local_name}.to_s, ActionController::Routing::PathSegment::UNSAFE_PCHAR)}"
|
||||
def interpolation_chunk(value_code = "#{local_name}.to_s")
|
||||
"\#{URI.escape(#{value_code}, ActionController::Routing::PathSegment::UNSAFE_PCHAR)}"
|
||||
end
|
||||
|
||||
def default
|
||||
|
@ -1157,27 +1157,26 @@ module ActionController
|
|||
|
||||
hash_access_method = hash_access_name(name, kind)
|
||||
|
||||
# allow ordered parameters to be associated with corresponding
|
||||
# dynamic segments, so you can do
|
||||
#
|
||||
# foo_url(bar, baz, bang)
|
||||
#
|
||||
# instead of
|
||||
#
|
||||
# foo_url(:bar => bar, :baz => baz, :bang => bang)
|
||||
#
|
||||
# Also allow options hash, so you can do
|
||||
#
|
||||
# foo_url(bar, baz, bang, :sort_by => 'baz')
|
||||
#
|
||||
@module.send :module_eval, <<-end_eval # We use module_eval to avoid leaks
|
||||
def #{selector}(*args)
|
||||
|
||||
#{generate_optimisation_block(route, kind)}
|
||||
|
||||
opts = if args.empty? || Hash === args.first
|
||||
args.first || {}
|
||||
else
|
||||
# allow ordered parameters to be associated with corresponding
|
||||
# dynamic segments, so you can do
|
||||
#
|
||||
# foo_url(bar, baz, bang)
|
||||
#
|
||||
# instead of
|
||||
#
|
||||
# foo_url(:bar => bar, :baz => baz, :bang => bang)
|
||||
#
|
||||
# Also allow options hash, so you can do
|
||||
#
|
||||
# foo_url(bar, baz, bang, :sort_by => 'baz')
|
||||
#
|
||||
options = args.last.is_a?(Hash) ? args.pop : {}
|
||||
args = args.zip(#{route.segment_keys.inspect}).inject({}) do |h, (v, k)|
|
||||
h[k] = v
|
||||
|
|
|
@ -56,7 +56,6 @@ module ActionController
|
|||
elements = []
|
||||
idx = 0
|
||||
|
||||
|
||||
if kind == :url
|
||||
elements << '#{request.protocol}'
|
||||
elements << '#{request.host_with_port}'
|
||||
|
@ -67,10 +66,10 @@ module ActionController
|
|||
# we don't include the trailing slashes, so skip them.
|
||||
((route.segments.size == 1 && kind == :path) ? route.segments : route.segments[0..-2]).each do |segment|
|
||||
if segment.is_a?(DynamicSegment)
|
||||
elements << "\#{URI.escape(args[#{idx}].to_param, ActionController::Routing::Segment::UNSAFE_PCHAR)}"
|
||||
elements << segment.interpolation_chunk("args[#{idx}].to_param")
|
||||
idx += 1
|
||||
else
|
||||
elements << segment.to_s
|
||||
elements << segment.interpolation_chunk
|
||||
end
|
||||
end
|
||||
%("#{elements * ''}")
|
||||
|
|
|
@ -273,6 +273,14 @@ class LegacyRouteSetTests < Test::Unit::TestCase
|
|||
assert_equal [], results[:path]
|
||||
end
|
||||
|
||||
def test_paths_slashes_unescaped_with_ordered_parameters
|
||||
rs.add_named_route :path, '/file/*path', :controller => 'content'
|
||||
|
||||
# No / to %2F in URI, only for query params.
|
||||
x = setup_for_named_route
|
||||
assert_equal("/file/hello/world", x.send(:path_path, 'hello/world'))
|
||||
end
|
||||
|
||||
def test_non_controllers_cannot_be_matched
|
||||
rs.draw do |map|
|
||||
map.connect ':controller/:action/:id'
|
||||
|
|
Loading…
Reference in a new issue