From 83740a86bff7f0fa7d0caba5406ee125736cd133 Mon Sep 17 00:00:00 2001
From: Aaron Patterson
Date: Fri, 8 Oct 2021 14:33:44 +0800
Subject: [PATCH] Properly encode ID parameters to avoid prossible information [CVE-2020-8151]
---
 lib/active_resource/base.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/active_resource/base.rb b/lib/active_resource/base.rb
index 3576d0c..913ba45 100644
--- a/lib/active_resource/base.rb
+++ b/lib/active_resource/base.rb
@@ -763,7 +763,7 @@ module ActiveResource
 check_prefix_options(prefix_options)
 prefix_options, query_options = split_options(prefix_options) if query_options.nil?
- "#{prefix(prefix_options)}#{collection_name}/#{URI.parser.escape id.to_s}#{format_extension}#{query_string(query_options)}"
+ "#{prefix(prefix_options)}#{collection_name}/#{URI.encode_www_form_component(id.to_s)}#{format_extension}#{query_string(query_options)}"
 end
 # Gets the new element path for REST resources.
-- 
2.27.0
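Review bot: `URI.encode_www_form_component` on the added line is form (query-string) encoding, so a space in the id becomes `+`, which in a path segment is a literal plus, whereas the removed `URI.parser.escape` emitted `%20`. Path-reserved characters such as `/`, `?` and `#` are now escaped, which is the point of the fix, but an id containing a space would likely address a different resource or 404, depending on how the server decodes paths. Consider `URI.encode_www_form_component(id.to_s).gsub("+", "%20")`, which is safe because a literal plus in the id is already emitted as `%2B`. The diffstat shows only `lib/active_resource/base.rb` changed, so a regression test asserting the generated path for ids containing `/`, `?`, `#` and a space would pin the behaviour. The enclosing method starts above the hunk, so its other callers and any sibling path builders that interpolate an id are not visible here and should be checked for the same encoding.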