Don't include bad password in URI exception output

We shouldn't include the bad password in the URI exception output message. Just knowing that there is a bad password is enough information. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56166 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-09-15 21:44:56 +00:00 · 2016-09-15 21:44:56 +00:00 · c2cbd5528c
commit c2cbd5528c
parent 7070c5bff3
3 changed files with 17 additions and 1 deletions
--- a/7
+++ b/7
@ -1,3 +1,10 @@
+Fri Sep 16 06:43:25 2016  Aaron Patterson <tenderlove@ruby-lang.org>
+
+	* lib/uri/generic.rb (def check_password): don't include bad password
+	  in URI exception output
+
+	* test/uri/test_generic.rb (def test_set_component): test for behavior
+
 Thu Sep 15 21:40:03 2016  Kazuhiro NISHIYAMA  <zn@mbf.nifty.com>

 	* doc/extension.ja.rdoc: Fix file name.
--- a/lib/uri/generic.rb
+++ b/lib/uri/generic.rb
@ -428,7 +428,7 @@ module URI

      if parser.regexp[:USERINFO] !~ v
        raise InvalidComponentError,
-          "bad component(expected user component): #{v}"
+          "bad password component"
      end

      return true
--- a/test/uri/test_generic.rb
+++ b/test/uri/test_generic.rb
@ -749,6 +749,15 @@ class URI::TestGeneric < Test::Unit::TestCase
    assert_equal('foo:xyzzy', uri.to_s)
  end

+  def test_bad_password_component
+    uri = URI.parse('http://foo:bar@baz')
+    password = 'foo@bar'
+    e = assert_raise(URI::InvalidComponentError) do
+      uri.password = password
+    end
+    refute_match password, e.message
+  end
+
  def test_set_scheme
    uri = URI.parse 'HTTP://example'