
Ignore incorrectly formatted cookies.

This will prevent the application software (like Rails) from crashing when given
an unescaped cookie value (e.g. "100%" instead of "100%25").
1 parent f6ee254 commit 149be7fd584f3163484cf355ff16fa0f3848b27a @infertux infertux committed Nov 18, 2011
Showing with 12 additions and 3 deletions.
  1. +0 −2 lib/rack/request.rb
  2. +5 −1 lib/rack/utils.rb
  3. +7 −0 test/spec_utils.rb
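--- a/lib/rack/request.rb
+++ b/lib/rack/request.rb
@@ -261,8 +261,6 @@ def cookies
 Utils.parse_query(string, ';,').each { |k,v| hash[k] = Array === v ? v.first : v }
 @env["rack.request.cookie_string"] = string
 hash
- rescue => error
- raise error.class, "cannot parse Cookie header: #{error.message}"
 end
 def xhr?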
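--- a/lib/rack/utils.rb
+++ b/lib/rack/utils.rb
@@ -56,7 +56,11 @@ def parse_query(qs, d = nil)
 params = {}
 (qs || '').split(d ? /[#{d}] */n : DEFAULT_SEP).each do |p|
- k, v = p.split('=', 2).map { |x| unescape(x) }
+ begin
+ k, v = p.split('=', 2).map { |x| unescape(x) }
+ rescue
+ next # Ignore invalid (key,value) pairs
+ end
 if cur = params[k]
 if cur.class == Array
 params[k] << v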
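Review bot: The bare `rescue` around the `unescape` call swallows every StandardError, not only the decoding failure this commit targets, and it does so for every caller of `parse_query`, not just `cookies` in lib/rack/request.rb. Query strings and form bodies therefore also lose malformed pairs silently, so the application can see a different parameter set than an upstream proxy or filter that parsed the same request, and it can no longer reject the request as malformed. Consider narrowing the clause to the error `unescape` actually raises (presumably `rescue ArgumentError`, to be confirmed against its implementation) and making the skip opt-in for the cookie path, leaving the default behaviour for other callers unchanged. The body of `parse_query` continues past the end of this hunk.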
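--- a/test/spec_utils.rb
+++ b/test/spec_utils.rb
@@ -105,6 +105,13 @@ def kcodeu
 Rack::Utils.parse_query("foo%3Dbaz=bar").should.equal "foo=baz" => "bar"
 end
+ should "ignore incorrectly escaped query strings" do
+ Rack::Utils.parse_query("foo=100%wrong").
+ should.be.empty
+ Rack::Utils.parse_query("foo=bar&nasty=100%wrong&baz=okay").
+ should.equal "foo" => "bar", "baz" => "okay"
+ end
+
 should "parse nested query strings correctly" do
 Rack::Utils.parse_nested_query("foo").
 should.equal "foo" => nil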
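Review bot: The new spec exercises only `parse_query` with `&`-separated input and a malformed value; nothing covers the cookie path this commit is named for, and no case has a malformed key. A spec that feeds a Cookie header containing one badly escaped pair through `cookies` and checks that the remaining cookies survive would pin the behaviour the description promises, and a case such as `parse_query("%wrong=1&foo=bar")` would cover the key side. The diffstat lists no change to a request spec, so the removal of the `rescue` in `cookies` appears to be untested as far as this page shows.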
