allow cache-breaker params in EscapedParams

2023-03-27 23:18:01 -04:00 · 2012-07-02 11:14:57 -04:00 · 2012-07-02 11:14:57 -04:00 · 1e0710abfc
commit 1e0710abfc
parent 47c9f73934
2 changed files with 11 additions and 1 deletions
--- a/rack-protection/lib/rack/protection/escaped_params.rb
+++ b/rack-protection/lib/rack/protection/escaped_params.rb
@ -66,7 +66,7 @@ module Rack
        when Hash   then escape_hash(object)
        when Array  then object.map { |o| escape(o) }
        when String then escape_string(object)
-        else raise ArgumentError, "cannot escape #{object.inspect}"
+        else nil
        end
      end

--- a/rack-protection/spec/escaped_params_spec.rb
+++ b/rack-protection/spec/escaped_params_spec.rb
@ -30,5 +30,15 @@ describe Rack::Protection::EscapedParams do
      get '/', :foo => {:bar => "<bar>"}
      body.should == '&lt;bar&gt;'
    end
+
+    it 'leaves cache-breaker params untouched' do
+      mock_app do |env|
+        request = Rack::Request.new(env)
+        [200, {'Content-Type' => 'text/plain'}, ['hi']]
+      end
+
+      get '/?95df8d9bf5237ad08df3115ee74dcb10'
+      body.should == 'hi'
+    end
  end
 end