Hrm. I think I'm losing it... that github commit isn't 2.3.4, but  
still the rest applies...  I think.  Heh.

On Oct 26, 2009, at 2:06 PM, Philip Hallstrom wrote:

>
> Hi all -
>
> I just upgraded a project to 2.3.4
> (a54f572d6f994615a2053c361728b65520a1cb53) and I get errors if I set a
> cookie to a number like this:
>
> cookies['foo'] = 123  # errors out on a call to CGI::escape(123)
>
> -----------------------------------------------------------------------------------------------------------------
> private method `gsub' called for 0:Fixnum
> /System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/lib/ruby/1.8/cgi.rb:342:in `escape'
> vendor/rails/actionpack/lib/action_controller/cgi_ext/cookie.rb:72:in `to_s'
> vendor/rails/actionpack/lib/action_controller/cgi_ext/cookie.rb:72:in `collect'
> vendor/rails/actionpack/lib/action_controller/cgi_ext/cookie.rb:72:in `to_s'
> vendor/rails/actionpack/lib/action_controller/cookies.rb:92:in `set_cookie'
> vendor/rails/actionpack/lib/action_controller/cookies.rb:73:in `[]='
> app/controllers/application_controller.rb:33:in `set_cookies'
> -----------------------------------------------------------------------------------------------------------------
> Digging through the code the offending method is below.
> -----------------------------------------------------------------------------------------------------------------
> diff --git a/vendor/rails/actionpack/lib/action_controller/cgi_ext/
> cookie.rb b/vendor/rails/actionpack/lib/action_controller/cgi_ext/
> cookie.rb
> index 009ddd1..a8cb771 100755
> --- a/vendor/rails/actionpack/lib/action_controller/cgi_ext/cookie.rb
> +++ b/vendor/rails/actionpack/lib/action_controller/cgi_ext/cookie.rb
> @@ -69,7 +69,7 @@ class CGI #:nodoc:
>      def to_s
>        buf = ''
>        buf << @name << '='
> -      buf << (@value.kind_of?(String) ? CGI::escape(@value) :
> @value.collect{|v| CGI::escape(v) }.join("&"))
> +      buf << (@value.kind_of?(String) ? CGI::escape(@value) :
> @value.collect{|v| CGI::escape(v.to_s) }.join("&"))
>        buf << '; domain=' << @domain if @domain
>        buf << '; path=' << @path if @path
>        buf << '; expires=' << CGI::rfc1123_date(@expires) if @expires
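Review bot: on the changed line, `CGI::escape(v.to_s)` coerces every element of `@value` without discrimination, so a `nil` element is written out as an empty value and any other object is written out as whatever its `to_s` returns, with nothing raised to flag the mistake. If numbers are the only non-String values meant to be accepted, coerce them where the cookie value is assigned, or raise on unexpected types here instead of serializing them. The change also needs a regression test that calls `to_s` on a cookie whose value is `123`, since nothing in the patch exercises the non-String path.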
> -----------------------------------------------------------------------------------------------------------------
> Couple of questions... CGI::escape's source indicates it takes a
> string and does *zero* checking before trying to call gsub on it.  So
> why isn't this method calling to_s on the value?  Is there a reason
> I'm not thinking of that it shouldn't do this?
>
> Secondly, I tried to add a test to Rails to check this, but none of
> the cookie tests seem to touch this section of the code.  Which seems
> odd to me and makes me wonder if I'm doing something wrong or if the
> tests simply don't trigger this.  However, if I make this change in my
> vendor/rails and hit my application it *does* get called.  Any ideas
> there?
>
> And lastly, is this worthy of a bug submission?  Or was I living fast
> and loose thinking I could assign pure numbers to my cookies?
>
> Thanks!
> -philip

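The failure and the one-line fix from the message above, reproduced outside Rails as an added example (not code from the message or from Rails). `naive_escape` is a constructed stand-in for a gsub-based escaper that does no type checking, and `cookie_pair_strict` with its `COOKIE_SCALARS` list is a hypothetical stricter variant that rejects values a blanket `to_s` would silently serialize.

```ruby
# Constructed stand-in for an escaper that assumes a String and calls gsub
# on its argument without checking the type (hypothetical name).
def naive_escape(str)
  str.gsub(/([^ a-zA-Z0-9_.-]+)/) do
    '%' + $1.unpack('H2' * $1.bytesize).join('%').upcase
  end.tr(' ', '+')
end

# Shape of the serializer before the patch: elements are escaped as-is.
def cookie_pair_unpatched(name, values)
  "#{name}=" + values.collect { |v| naive_escape(v) }.join('&')
end

# Shape of the serializer after the patch: every element goes through to_s.
def cookie_pair_patched(name, values)
  "#{name}=" + values.collect { |v| naive_escape(v.to_s) }.join('&')
end

# Assumption: only these scalar types are legitimate cookie values.
COOKIE_SCALARS = [String, Symbol, Integer, Float].freeze

# Stricter variant: coerce known scalars, refuse everything else so that
# nil or an arbitrary object never ends up in a Set-Cookie header unnoticed.
def cookie_pair_strict(name, values)
  values.each do |v|
    next if COOKIE_SCALARS.any? { |klass| v.is_a?(klass) }
    raise ArgumentError, "cookie #{name}: unsupported value type #{v.class}"
  end
  cookie_pair_patched(name, values)
end

# Helper for the demonstration: returns the block's value, or the class of
# the exception it raised.
def outcome
  yield
rescue NoMethodError, ArgumentError => e
  e.class
end

if __FILE__ == $PROGRAM_NAME
  puts outcome { cookie_pair_unpatched('foo', [123]) }  # fails inside gsub
  puts outcome { cookie_pair_patched('foo', [123]) }    # number is coerced
  puts outcome { cookie_pair_patched('foo', [nil]) }    # nil becomes empty
  puts outcome { cookie_pair_strict('foo', [nil]) }     # nil is refused
end
```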
