From ef7bdeefbade6a4879abc25b2b6f6749ec7e8048 Mon Sep 17 00:00:00 2001 From: Akinori MUSHA Date: Thu, 28 Mar 2013 22:06:19 +0900 Subject: [PATCH] Cookie#cookie_value too should quote values if necessary. --- lib/http/cookie.rb | 4 ++-- lib/http/cookie/scanner.rb | 2 +- test/test_http_cookie.rb | 10 ++++++++++ 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/lib/http/cookie.rb b/lib/http/cookie.rb index 136765b..9f5317a 100644 --- a/lib/http/cookie.rb +++ b/lib/http/cookie.rb @@ -545,7 +545,7 @@ class HTTP::Cookie # Returns a string for use in a Cookie header value, # i.e. "name=value". def cookie_value - "#{@name}=#{@value}" + "#{@name}=#{Scanner.quote(@value)}" end alias to_s cookie_value @@ -559,7 +559,7 @@ class HTTP::Cookie origin = origin ? URI(origin) : @origin or raise "origin must be specified to produce a value for Set-Cookie" - string = "#{@name}=#{Scanner.quote(@value)}" + string = cookie_value if @for_domain string << "; Domain=#{@domain}" end diff --git a/lib/http/cookie/scanner.rb b/lib/http/cookie/scanner.rb index 2961636..648bf87 100644 --- a/lib/http/cookie/scanner.rb +++ b/lib/http/cookie/scanner.rb @@ -23,7 +23,7 @@ class HTTP::Cookie::Scanner < StringScanner class << self def quote(s) return s unless s.match(RE_BAD_CHAR) - '"' << s.gsub(RE_BAD_CHAR, "\\\\\\1") << '"' + '"' << s.gsub(/([\\"])/, "\\\\\\1") << '"' end end diff --git a/test/test_http_cookie.rb b/test/test_http_cookie.rb index 5ae4471..d915b2e 100644 --- a/test/test_http_cookie.rb +++ b/test/test_http_cookie.rb @@ -390,6 +390,16 @@ class TestHTTPCookie < Test::Unit::TestCase end end + def test_cookie_value + [ + ['foo="bar baz"', 'bar baz'], + ['foo="bar\"; \"baz"', 'bar"; "baz'], + ].each { |cookie_value, value| + cookie = HTTP::Cookie.new('foo', value) + assert_equal(cookie_value, cookie.cookie_value) + } + end + def test_set_cookie_value url = URI.parse('http://rubyforge.org/')