Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Handle EOFError exception from malformed multipart in MethodOverride …

…middleware
  • Loading branch information...
commit 5f4bb6022a10cab144e4485e61e842b8d14a7936 1 parent 39e858d
@cgriego cgriego authored
Showing with 25 additions and 4 deletions.
  1. +10 −4 lib/rack/methodoverride.rb
  2. +15 −0 test/spec_methodoverride.rb
View
14 lib/rack/methodoverride.rb
@@ -11,10 +11,7 @@ def initialize(app)
def call(env)
if env["REQUEST_METHOD"] == "POST"
- req = Request.new(env)
- method = req.POST[METHOD_OVERRIDE_PARAM_KEY] ||
- env[HTTP_METHOD_OVERRIDE_HEADER]
- method = method.to_s.upcase
+ method = method_override(env)
if HTTP_METHODS.include?(method)
env["rack.methodoverride.original_method"] = env["REQUEST_METHOD"]
env["REQUEST_METHOD"] = method
@@ -23,5 +20,14 @@ def call(env)
@app.call(env)
end
+
+ def method_override(env)
+ req = Request.new(env)
+ method = req.POST[METHOD_OVERRIDE_PARAM_KEY] ||
+ env[HTTP_METHOD_OVERRIDE_HEADER]
+ method.to_s.upcase
+ rescue EOFError
+ ""
+ end
end
end
View
15 test/spec_methodoverride.rb
@@ -55,4 +55,19 @@
req.env["rack.methodoverride.original_method"].should.equal "POST"
end
+
+ should "not modify REQUEST_METHOD when given invalid multipart form data" do
+ input = <<EOF
+--AaB03x\r
+content-disposition: form-data; name="huge"; filename="huge"\r
+EOF
+ env = Rack::MockRequest.env_for("/",
+ "CONTENT_TYPE" => "multipart/form-data, boundary=AaB03x",
+ "CONTENT_LENGTH" => input.size,
+ :method => "POST", :input => input)
+ app = Rack::MethodOverride.new(lambda{|envx| Rack::Request.new(envx) })
+ req = app.call(env)
+
+ req.env["REQUEST_METHOD"].should.equal "POST"
+ end
end
Please sign in to comment.
Something went wrong with that request. Please try again.