diff --git a/ChangeLog b/ChangeLog
index d21fc912b8..3a3d256788 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+Thu Jul 29 14:25:14 2009  Takeyuki FUJIOKA  <xibbar@ruby-lang.org>
+
+	* lib/cgi/util.rb (CGI::unescape): support encoding option.
+
+	* lib/cgi/cookie.rb (CGI::Cookie.parse): fix for the encoded value.
+
 Wed Jul 29 08:08:07 2009  NARUSE, Yui  <naruse@ruby-lang.org>
 
 	* parse.y (regexp): regexp literal at the top of dstr is still needed
diff --git a/lib/cgi/cookie.rb b/lib/cgi/cookie.rb
index 5c2cd62a27..68fbc8972c 100644
--- a/lib/cgi/cookie.rb
+++ b/lib/cgi/cookie.rb
@@ -123,7 +123,7 @@ class CGI
       next unless name and values
       name = CGI::unescape(name)
       values ||= ""
-      values = values.split('&').collect{|v| CGI::unescape(v) }
+      values = values.split('&').collect{|v| CGI::unescape(v,@@accept_charset) }
       if cookies.has_key?(name)
         values = cookies[name].value + values
       end
diff --git a/lib/cgi/util.rb b/lib/cgi/util.rb
index b7b0233b4d..218bdbdd9a 100644
--- a/lib/cgi/util.rb
+++ b/lib/cgi/util.rb
@@ -9,14 +9,14 @@ class CGI
   end
 
 
-  # URL-decode a string.
+  # URL-decode a string with encoding(optional).
   #   string = CGI::unescape("%27Stop%21%27+said+Fred")
   #      # => "'Stop!' said Fred"
-  def CGI::unescape(string)
-    enc = string.encoding
-    string.tr('+', ' ').gsub(/((?:%[0-9a-fA-F]{2})+)/) do
-      [$1.delete('%')].pack('H*').force_encoding(enc)
-    end
+  def CGI::unescape(string,encoding=@@accept_charset)
+    str=string.tr('+', ' ').gsub(/((?:%[0-9a-fA-F]{2})+)/) do
+      [$1.delete('%')].pack('H*')
+    end.force_encoding(encoding)
+    str.valid_encoding? ? str : str.force_encoding(string.encoding)
   end
 
   TABLE_FOR_ESCAPE_HTML__ = {
diff --git a/test/cgi/test_cgi_cookie.rb b/test/cgi/test_cgi_cookie.rb
index f9950d1fb1..c55b52ed03 100644
--- a/test/cgi/test_cgi_cookie.rb
+++ b/test/cgi/test_cgi_cookie.rb
@@ -8,6 +8,8 @@ class CGICookieTest < Test::Unit::TestCase
 
   def setup
     ENV['REQUEST_METHOD'] = 'GET'
+    @str1="\xE3\x82\x86\xE3\x82\x93\xE3\x82\x86\xE3\x82\x93"
+    @str1.force_encoding("UTF-8") if RUBY_VERSION>="1.9"
   end
 
   def teardown
@@ -18,20 +20,21 @@ class CGICookieTest < Test::Unit::TestCase
 
 
   def test_cgi_cookie_new_simple
-    cookie = CGI::Cookie.new('name1', 'val1', '&<>"', "\245\340\245\271\245\253")
+    cookie = CGI::Cookie.new('name1', 'val1', '&<>"', @str1)
     assert_equal('name1', cookie.name)
-    assert_equal(['val1', '&<>"', "\245\340\245\271\245\253"], cookie.value)
+    assert_equal(['val1', '&<>"', @str1], cookie.value)
     assert_nil(cookie.domain)
     assert_nil(cookie.expires)
     assert_equal('', cookie.path)
     assert_equal(false, cookie.secure)
-    assert_equal("name1=val1&%26%3C%3E%22&%A5%E0%A5%B9%A5%AB; path=", cookie.to_s)
+    assert_equal("name1=val1&%26%3C%3E%22&%E3%82%86%E3%82%93%E3%82%86%E3%82%93; path=", cookie.to_s)
   end
 
 
   def test_cgi_cookie_new_complex
     t = Time.gm(2030, 12, 31, 23, 59, 59)
-    value = ['val1', '&<>"', "\245\340\245\271\245\253"]
+    value = ['val1', '&<>"', "\xA5\xE0\xA5\xB9\xA5\xAB"]
+    value[2].force_encoding("EUC-JP") if RUBY_VERSION>="1.9"
     cookie = CGI::Cookie.new('name'=>'name1',
                              'value'=>value,
                              'path'=>'/cgi-bin/myapp/',
@@ -65,11 +68,11 @@ class CGICookieTest < Test::Unit::TestCase
 
   def test_cgi_cookie_parse
     ## ';' separator
-    cookie_str = 'name1=val1&val2; name2=val2&%26%3C%3E%22;_session_id=12345'
+    cookie_str = 'name1=val1&val2; name2=val2&%26%3C%3E%22&%E3%82%86%E3%82%93%E3%82%86%E3%82%93;_session_id=12345'
     cookies = CGI::Cookie.parse(cookie_str)
     list = [
       ['name1', ['val1', 'val2']],
-      ['name2', ['val2', '&<>"']],
+      ['name2', ['val2', '&<>"',@str1]],
       ['_session_id', ['12345']],
     ]
     list.each do |name, value|
@@ -78,7 +81,7 @@ class CGICookieTest < Test::Unit::TestCase
       assert_equal(value, cookie.value)
     end
     ## ',' separator
-    cookie_str = 'name1=val1&val2, name2=val2&%26%3C%3E%22,_session_id=12345'
+    cookie_str = 'name1=val1&val2, name2=val2&%26%3C%3E%22&%E3%82%86%E3%82%93%E3%82%86%E3%82%93,_session_id=12345'
     cookies = CGI::Cookie.parse(cookie_str)
     list.each do |name, value|
       cookie = cookies[name]
diff --git a/test/cgi/test_cgi_session.rb b/test/cgi/test_cgi_session.rb
index 6cccb22240..50e0f4af4d 100644
--- a/test/cgi/test_cgi_session.rb
+++ b/test/cgi/test_cgi_session.rb
@@ -7,14 +7,14 @@ require 'tmpdir'
 
 class CGISessionTest < Test::Unit::TestCase
   def setup
-    @session_dir = File.join(Dir.mktmpdir('__test_dir__'), 'session_dir')
+    @session_dir = File.join(File.dirname(__FILE__), 'session_dir')
     FileUtils.mkdir_p @session_dir
   end
 
   def teardown
     @environ.each do |key, val| ENV.delete(key) end
     $stdout = STDOUT
-    FileUtils.rm_rf(File.dirname(@session_dir))
+    FileUtils.rm_rf(@session_dir)
   end
 
   def test_cgi_session_filestore
diff --git a/test/cgi/test_cgi_util.rb b/test/cgi/test_cgi_util.rb
new file mode 100644
index 0000000000..ec0744ded4
--- /dev/null
+++ b/test/cgi/test_cgi_util.rb
@@ -0,0 +1,32 @@
+require 'test/unit'
+require 'cgi'
+require 'stringio'
+
+
+class CGIUtilTest < Test::Unit::TestCase
+
+
+  def setup
+    ENV['REQUEST_METHOD'] = 'GET'
+    @str1="&<>\" \xE3\x82\x86\xE3\x82\x93\xE3\x82\x86\xE3\x82\x93"
+    @str1.force_encoding("UTF-8") if RUBY_VERSION>="1.9"
+  end
+
+  def teardown
+    %W[REQUEST_METHOD SCRIPT_NAME].each do |name|
+      ENV.delete(name)
+    end
+  end
+
+
+  def test_cgi_escape
+    assert_equal('%26%3C%3E%22+%E3%82%86%E3%82%93%E3%82%86%E3%82%93', CGI::escape(@str1))
+    assert_equal('%26%3C%3E%22+%E3%82%86%E3%82%93%E3%82%86%E3%82%93'.ascii_only?, CGI::escape(@str1).ascii_only?) if RUBY_VERSION>="1.9"
+  end
+
+  def test_cgi_unescape
+    assert_equal(@str1, CGI::unescape('%26%3C%3E%22+%E3%82%86%E3%82%93%E3%82%86%E3%82%93'))
+    assert_equal(@str1.encoding, CGI::unescape('%26%3C%3E%22+%E3%82%86%E3%82%93%E3%82%86%E3%82%93').encoding) if RUBY_VERSION>="1.9"
+  end
+
+end