Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not raise InvalidLocale errors #198

Merged
merged 3 commits into from Jul 30, 2019
Merged

Do not raise InvalidLocale errors #198

merged 3 commits into from Jul 30, 2019

Conversation

tagliala
Copy link
Collaborator

When a user passes an invalid locale to an unlocalized route (such as
ActiveStorage routes or routes outside the localized block),
route_translator does not check if the locale is included in the
available locales list and a default Rails configuration will raise
an InvalidLocale error.

This behaviour could potentially open to DOS attacks (eg: flooding an
exception tracker)

This commit will prevent to set locales that are not included in
I18n.available_locales

Close: #196

@tagliala tagliala mentioned this pull request Jul 20, 2019
Closed
@tagliala tagliala added this to the 7.0.0 milestone Jul 20, 2019
@coveralls
Copy link

coveralls commented Jul 20, 2019
edited

Coverage Status

Coverage increased (+0.007%) to 99.333% when pulling def83c0 on feature/do-not-raise-invalid-locale-errors into 8d0366e on develop.

@coveralls
Copy link

Coverage Status

Coverage increased (+0.006%) to 99.351% when pulling 1fc53de on feature/do-not-raise-invalid-locale-errors into 92b412d on develop.

@tagliala tagliala changed the title Feature/do not raise invalid locale errors Do not raise InvalidLocale errors Jul 20, 2019
@tagliala tagliala force-pushed the feature/do-not-raise-invalid-locale-errors branch from 1fc53de to 90a59b9 Compare July 21, 2019 16:21
@tagliala
Rename locale variables
4061f39 
Use meaningful names for locale variables
@tagliala
Return nil when host does not match any locale
4afa600 
This change will prevent that `set_locale_from_url` will always have a
value, even if `host_locales` option is not being used.

This will also prevent to temporarily change the locale when there is
not the need to do that.
@tagliala tagliala force-pushed the feature/do-not-raise-invalid-locale-errors branch from 90a59b9 to 3120965 Compare July 22, 2019 10:48
@tagliala
Do not raise InvalidLocale errors
def83c0 
When a user passes an invalid locale to an unlocalized route (such as
ActiveStorage routes or routes outside the `localized` block),
`route_translator` does not check if the locale is included in the
available locales list and a default Rails configuration will raise
an InvalidLocale error.

This behavior could potentially open to DOS attacks (eg: flooding an
exception tracker)

This commit will prevent to set locales that are not included in
`I18n.available_locales`

Close: #196
@tagliala tagliala force-pushed the feature/do-not-raise-invalid-locale-errors branch from 3120965 to def83c0 Compare July 22, 2019 10:50
@tagliala
Copy link
Collaborator Author

/cc @cernyjakub

If you can run your application tests against this branch, I could merge to develop and cut a new major release.

Also, since this is a potential breaking change, I'm tempted to merge another breaking change, #200

@tagliala tagliala mentioned this pull request Jul 29, 2019
Closed
@tagliala tagliala merged commit 6954f4b into develop Jul 30, 2019
@tagliala tagliala deleted the feature/do-not-raise-invalid-locale-errors branch July 30, 2019 08:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
breaking change bug enhancement
Projects
None yet
Milestone
7.0.0
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@tagliala @coveralls