diff options
author | naruse <naruse@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2016-09-27 03:17:47 +0000 |
---|---|---|
committer | naruse <naruse@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2016-09-27 03:17:47 +0000 |
commit | 5f33c6b0f5e7a0e5cb849e791adced2528df3227 (patch) | |
tree | 2db80de700359282ce0101a6948e361767c3dda5 /test/cgi | |
parent | f0137ba8cdd805249a55d371aa2309f5622b7f70 (diff) |
* lib/cgi/cookie.rb (parse): don't allow , as a separator. [Bug #12791]
* lib/webrick/cookie.rb (parse): ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56262 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'test/cgi')
-rw-r--r-- | test/cgi/test_cgi_cookie.rb | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/test/cgi/test_cgi_cookie.rb b/test/cgi/test_cgi_cookie.rb index ae7b14a4dd..ca81e41133 100644 --- a/test/cgi/test_cgi_cookie.rb +++ b/test/cgi/test_cgi_cookie.rb @@ -88,9 +88,12 @@ class CGICookieTest < Test::Unit::TestCase assert_equal(name, cookie.name) assert_equal(value, cookie.value) end - ## ',' separator - cookie_str = 'name1=val1&val2, name2=val2&%26%3C%3E%22&%E3%82%86%E3%82%93%E3%82%86%E3%82%93,_session_id=12345' + ## don't allow ',' separator + cookie_str = 'name1=val1&val2, name2=val2' cookies = CGI::Cookie.parse(cookie_str) + list = [ + ['name1', ['val1', 'val2, name2=val2']], + ] list.each do |name, value| cookie = cookies[name] assert_equal(name, cookie.name) |