escape individual cookie values from $cookie_*

These values are untrusted, so if any client sends them to us we must escape them.
author: Eric Wong <normalperson@yhbt.net> 2011-12-05 17:59:40 -0800
committer: Eric Wong <normalperson@yhbt.net> 2011-12-05 17:59:40 -0800
commit: 3a47f23e74a681339f74b21b94241dcfe9542472 (patch)
tree: d29223babb471bbc1a2c42937aa917fab1035236 /test/test_clogger.rb
parent: ba72b12030864a05fc88bc94a3b699971cc70b0a (diff)
download: clogger-3a47f23e74a681339f74b21b94241dcfe9542472.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/test/test_clogger.rb b/test/test_clogger.rb
index 10640e2..14613e0 100644
--- a/test/test_clogger.rb
+++ b/test/test_clogger.rb
@@ -424,9 +424,9 @@ class TestClogger < Test::Unit::TestCase
      cl = Clogger.new(app,
          :format => '$cookie_foo $cookie_quux',
          :logger => str)
-    req = @req.merge('HTTP_COOKIE' => "foo=bar;quux=h&m")
+    req = @req.merge('HTTP_COOKIE' => "foo=bar;quux=h%7F&m")
      status, headers, body = cl.call(req)
-    assert_equal "bar h&m\n", str.string
+    assert_equal "bar h\\x7F&m\n", str.string
    end
  
    def test_bogus_app_response
author	Eric Wong <normalperson@yhbt.net>	2011-12-05 17:59:40 -0800
committer	Eric Wong <normalperson@yhbt.net>	2011-12-05 17:59:40 -0800
commit	3a47f23e74a681339f74b21b94241dcfe9542472 (patch)
tree	d29223babb471bbc1a2c42937aa917fab1035236 /test/test_clogger.rb
parent	ba72b12030864a05fc88bc94a3b699971cc70b0a (diff)
download	clogger-3a47f23e74a681339f74b21b94241dcfe9542472.tar.gz