From 3a47f23e74a681339f74b21b94241dcfe9542472 Mon Sep 17 00:00:00 2001
From: Eric Wong <normalperson@yhbt.net>
Date: Mon, 5 Dec 2011 17:59:40 -0800
Subject: escape individual cookie values from $cookie_*

These values are untrusted, so if any client sends them to us
we must escape them.
---
 test/test_clogger.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'test/test_clogger.rb')

diff --git a/test/test_clogger.rb b/test/test_clogger.rb
index 10640e2..14613e0 100644
--- a/test/test_clogger.rb
+++ b/test/test_clogger.rb
@@ -424,9 +424,9 @@ class TestClogger < Test::Unit::TestCase
     cl = Clogger.new(app,
         :format => '$cookie_foo $cookie_quux',
         :logger => str)
-    req = @req.merge('HTTP_COOKIE' => "foo=bar;quux=h&m")
+    req = @req.merge('HTTP_COOKIE' => "foo=bar;quux=h%7F&m")
     status, headers, body = cl.call(req)
-    assert_equal "bar h&m\n", str.string
+    assert_equal "bar h\\x7F&m\n", str.string
   end
 
   def test_bogus_app_response
-- 
cgit v1.2.3-24-ge0c7