#3315 CGI.escape escapes characters that should be allowed in anchors in url_rewriter - Ruby on Rails

Type	To find
responsible:me	tickets assigned to you
tagged:"@high"	tickets tagged @high
milestone:next	tickets in the upcoming milestone
state:invalid	tickets with the state invalid
created:"last week"	tickets created last week
sort:number, importance, updated	tickets sorted by #, importance or updated
Combine keywords for powerful searching.
Use advanced searching »

This project is archived and is in readonly mode.

#3315 ✓invalid

CGI.escape escapes characters that should be allowed in anchors in url_rewriter

Reported by Roy W. Black | October 3rd, 2009 @ 12:18 AM

In 2.3.4 CGI.escape was applied to the value supplied by :anchor in link_to and url_for.

The regex used to character encode disallowed characters in CGI::escape does not allow ? or / which are specfically allowed by the spec.

David Trasbo April 15th, 2010 @ 09:49 PM
- Assigned user set to “Ryan Bigg”
Unrelated to Rails. http://ruby-doc.org/stdlib/libdoc/cgi/rdoc/index.html Can be marked as invalid.
Ryan Bigg April 15th, 2010 @ 10:37 PM
- State changed from “new” to “invalid”
CGI is Ruby core.
You flagged this item as spam.
Roy W. Black April 16th, 2010 @ 02:51 AM
Then maybe CGI::escape should not be used on anchors? This was a change in behavior between 2.3.4 and 2.3.5

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

<h2 style="font-size: 14px">Tickets have moved to Github</h2>

The new ticket tracker is available at <a href="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>