cleaned up regex

lib/mauth/client.rb

@@ -366,7 +366,7 @@ def signature_valid!(object)
         # do a moderately complex Euresource-style reencoding of the path
         object.attributes_for_signing[:request_url] = CGI.escape(original_request_uri.to_s)
         # decode forward slash and octothorpes back into characters like Euresource does
-        object.attributes_for_signing[:request_url].gsub!(/\w+/, '%2F' => '/', '%23' => '#')
+        object.attributes_for_signing[:request_url].gsub!(/%2F|%23/, "%2F" => "/", "%23" => "#")
         expected_euresource_style_reencoding = object.string_to_sign(time: object.x_mws_time, app_uuid: object.signature_app_uuid)
 
         # reset the object original request_uri, just in case we need it again

spec/mauth_client_spec.rb

@@ -236,7 +236,7 @@ def x_mws_authentication
         it "considers a request to be authentic even if the request_url must be CGI::escape'ed (after being escaped in Euresource's own idiosyncratic way) before authenticity is achieved" do
           ['/v1/users/[email protected]', "! # $ & ' ( ) * + , / : ; = ? @ [ ]"].each do |path|
             # imagine what are on the requester's side now...
-            signed_path = CGI.escape(path).gsub!(/\w+/, '%2F' => '/', '%23' => '#') # This is what Euresource does to the path on the requester's side before the signing of the outgoing request occurs.
+            signed_path = CGI.escape(path).gsub!(/%2F|%23/, "%2F" => "/", "%23" => "#") # This is what Euresource does to the path on the requester's side before the signing of the outgoing request occurs.
             request = TestSignableRequest.new(:verb => 'GET', :request_url => signed_path)
             signed_request = @signing_mc.signed(request)