From aa1f4700a2461f3f80abd219e874d0edd9a0c599 Mon Sep 17 00:00:00 2001
From: Jeremy Evans <code@jeremyevans.net>
Date: Wed, 6 Jul 2022 18:48:57 -0700
Subject: Hex escape unprintable bytes in common logger (#1904)

When using \x prefix, users would expect hex escaping.
---
 lib/rack/common_logger.rb  | 2 +-
 test/spec_common_logger.rb | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/rack/common_logger.rb b/lib/rack/common_logger.rb
index 6235cef2..42bc135b 100644
--- a/lib/rack/common_logger.rb
+++ b/lib/rack/common_logger.rb
@@ -65,7 +65,7 @@ module Rack
         length,
         Utils.clock_time - began_at)
 
-      msg.gsub!(/[^[:print:]\n]/) { |c| "\\x#{c.ord}" }
+      msg.gsub!(/[^[:print:]\n]/) { |c| sprintf("\\x%x", c.ord) }
 
       logger = @logger || request.get_header(RACK_ERRORS)
       # Standard library logger doesn't support write but it supports << which actually
diff --git a/test/spec_common_logger.rb b/test/spec_common_logger.rb
index f5f182aa..be020073 100644
--- a/test/spec_common_logger.rb
+++ b/test/spec_common_logger.rb
@@ -110,9 +110,9 @@ describe Rack::CommonLogger do
   it "escapes non printable characters except newline" do
     logdev = StringIO.new
     log = Logger.new(logdev)
-    Rack::MockRequest.new(Rack::CommonLogger.new(app_without_lint, log)).request("GET\b", "/hello")
+    Rack::MockRequest.new(Rack::CommonLogger.new(app_without_lint, log)).request("GET\x1f", "/hello")
 
-    logdev.string.must_match(/GET\\x8 \/hello HTTP\/1\.1/)
+    logdev.string.must_match(/GET\\x1f \/hello HTTP\/1\.1/)
   end
 
   it "log path with PATH_INFO" do
-- 
cgit v1.2.3-24-ge0c7