Hi all -
I just upgraded a project to 2.3.4
(a54f572d6f994615a2053c361728b65520a1cb53) and I get errors if I set a
cookie to a number like this:
cookies['foo'] = 123 # errors out on a call to CGI::escape(123)
-----------------------------------------------------------------------------------------------------------------
private method `gsub' called for 0:Fixnum
/System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/lib/ruby/
1.8/cgi.rb:342:in `escape'
vendor/rails/actionpack/lib/action_controller/cgi_ext/cookie.rb:72:in
`to_s'
vendor/rails/actionpack/lib/action_controller/cgi_ext/cookie.rb:72:in
`collect'
vendor/rails/actionpack/lib/action_controller/cgi_ext/cookie.rb:72:in
`to_s'
vendor/rails/actionpack/lib/action_controller/cookies.rb:92:in
`set_cookie'
vendor/rails/actionpack/lib/action_controller/cookies.rb:73:in `[]='
app/controllers/application_controller.rb:33:in `set_cookies'
-----------------------------------------------------------------------------------------------------------------
Digging through the code the offending method is below.
-----------------------------------------------------------------------------------------------------------------
diff --git a/vendor/rails/actionpack/lib/action_controller/cgi_ext/
cookie.rb b/vendor/rails/actionpack/lib/action_controller/cgi_ext/
cookie.rb
index 009ddd1..a8cb771 100755
--- a/vendor/rails/actionpack/lib/action_controller/cgi_ext/cookie.rb
+++ b/vendor/rails/actionpack/lib/action_controller/cgi_ext/cookie.rb
@@ -69,7 +69,7 @@ class CGI #:nodoc:
def to_s
buf = ''
buf << @name << '='
- buf << (@value.kind_of?(String) ? CGI::escape(@value) :
@value.collect{|v| CGI::escape(v) }.join("&"))
+ buf << (@value.kind_of?(String) ? CGI::escape(@value) :
@value.collect{|v| CGI::escape(v.to_s) }.join("&"))
buf << '; domain=' << @domain if @domain
buf << '; path=' << @path if @path
buf << '; expires=' << CGI::rfc1123_date(@expires) if @expires
-----------------------------------------------------------------------------------------------------------------
Couple of questions... CGI::escape's source indicates it takes a
string and does *zero* checking before trying to call gsub on it. So
why isn't this method calling to_s on the value? Is there a reason
I'm not thinking of that it shouldn't do this?
Secondly, I tried to add a test to Rails to check this, but none of
the cookie tests seem to touch this section of the code. Which seems
odd to me and makes me wonder if I'm doing something wrong or if the
tests simply don't trigger this. However, if I make this change in my
vendor/rails and hit my application it *does* get called. Any ideas
there?
And lastly, is this worthy of a bug submission? Or was I living fast
and loose thinking I could assign pure numbers to my cookies?
Thanks!
-philip
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby
on Rails: Talk" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
