From 00e28eff91114c752391ed9379aa3a34b03ccbde Mon Sep 17 00:00:00 2001
From: _why <why@whytheluckystiff.net>
Date: Sun, 21 May 2006 21:09:09 +0000
Subject: [PATCH]  * lib/camping.rb: R(C, ...) wasn't escaping at all.

---
 lib/camping-unabridged.rb | 2 +-
 lib/camping.rb            | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/camping-unabridged.rb b/lib/camping-unabridged.rb
index ae69e60..e33ea4e 100644
--- a/lib/camping-unabridged.rb
+++ b/lib/camping-unabridged.rb
@@ -199,7 +199,7 @@ module Helpers
     def R(c,*args)
       p = /\(.+?\)/
       args.inject(c.urls.find{|x|x.scan(p).size==args.size}.dup){|str,a|
-        str.sub(p,(a.__send__(a.class.primary_key) rescue a).to_s)
+        str.sub(p,C.escape((a.__send__(a.class.primary_key) rescue a)))
       }
     end
     # Shows AR validation errors for the object passed. 
diff --git a/lib/camping.rb b/lib/camping.rb
index c9ba29f..b1ba9fb 100644
--- a/lib/camping.rb
+++ b/lib/camping.rb
@@ -1,8 +1,8 @@
 %w[rubygems active_record markaby metaid tempfile uri].each{|l|require l}
 module Camping;C=self;F=__FILE__;S=IO.read(F).gsub(/_+FILE_+/,F.dump)
 module Helpers;def R c,*args;p=/\(.+?\)/;args.inject(c.urls.find{|x|x.scan(p).
-size==args.size}.dup){|str,a|str.sub(p,(a.__send__(a.class.primary_key)rescue
-a).to_s)} end;def URL c='/',*a;c=R(c,*a)if c.respond_to?:urls;c=self/c;c=
+size==args.size}.dup){|str,a|str.sub(p,C.escape((a.__send__(a.class.primary_key
+)rescue a)))} end;def URL c='/',*a;c=R(c,*a)if c.respond_to?:urls;c=self/c;c=
 "//"+@env.HTTP_HOST+c if c[/^\//];URI(c) end;def / p;p[/^\//]?@root+p:p end
 def errors_for o;ul.errors{o.errors.each_full{|x|li x}}if o.errors.any? end end
 module Base;include Helpers;attr_accessor :input,:cookies,:env,:headers,:body,