From 0c862e7895b24b69308f17adcc3bbc4f26b4f276 Mon Sep 17 00:00:00 2001
From: Jeremy Evans <code@jeremyevans.net>
Date: Thu, 20 Jun 2019 14:47:15 -0700
Subject: [PATCH] Fix fallback in URI.encode_www_form_component to include #

Patch from Matthew Kerwin.

Fixes [Bug #14358]
---
 lib/uri/common.rb       | 2 +-
 test/uri/test_common.rb | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/uri/common.rb b/lib/uri/common.rb
index 17d9ffc28c..811ec98aad 100644
--- a/lib/uri/common.rb
+++ b/lib/uri/common.rb
@@ -370,7 +370,7 @@ def self.encode_www_form_component(str, enc=nil)
     if str.encoding != Encoding::ASCII_8BIT
       if enc && enc != Encoding::ASCII_8BIT
         str.encode!(Encoding::UTF_8, invalid: :replace, undef: :replace)
-        str.encode!(enc, fallback: ->(x){"&#{x.ord};"})
+        str.encode!(enc, fallback: ->(x){"&##{x.ord};"})
       end
       str.force_encoding(Encoding::ASCII_8BIT)
     end
diff --git a/test/uri/test_common.rb b/test/uri/test_common.rb
index 4a7300fce7..c7ee0ac675 100644
--- a/test/uri/test_common.rb
+++ b/test/uri/test_common.rb
@@ -81,6 +81,8 @@ def test_encode_www_form_component
                    "\u3042".encode("sjis"), Encoding::UTF_8))
     assert_equal("B0", URI.encode_www_form_component(
                    "\u3042".encode("sjis"), Encoding::UTF_16LE))
+    assert_equal("%26%23730%3B", URI.encode_www_form_component(
+                   "\u02DA", Encoding::WINDOWS_1252))
 
     # invalid
     assert_equal("%EF%BF%BD%EF%BF%BD", URI.encode_www_form_component(
-- 
2.21.0