Handle non-utf-8 characters on an invalid url request

openstax · Aug 8, 2016 · 947f04d · 947f04d
1 parent 3a7b75e
commit 947f04d
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 2 deletions.
diff --git a/lib/json_and_string_parameter_filter.rb b/lib/json_and_string_parameter_filter.rb
@@ -40,10 +40,10 @@ def run(param_key, param_value)
       # no need to do anything with param_value as it's nil
     elsif param_value.is_a?(String)
       if param_key =~ @string_regexp
-        param_value.gsub!(/^.*$/, '[FILTERED]')
+        param_value.gsub!(/^.*$/, '[FILTERED]').encode('UTF-8', 'binary', invalid: :replace, undef: :replace, replace: '')
       else
         @value_filters.each do |value_filter|
-          param_value.gsub!(/^.*$/, '[FILTERED]') if value_filter.call(param_value)
+          param_value.gsub!(/^.*$/, '[FILTERED]').encode('UTF-8', 'binary', invalid: :replace, undef: :replace, replace: '') if value_filter.call(param_value.encode('UTF-8', 'binary', invalid: :replace, undef: :replace, replace: ''))
         end
       end
     elsif param_value.is_a?(Hash)

diff --git a/spec/features/unknown_route_spec.rb b/spec/features/unknown_route_spec.rb
@@ -12,4 +12,10 @@
     expect(page).to have_http_status :not_found
   end
 
+  scenario "with non-utf-8 characters" do
+    visit "/%E2%EF%BF%BD%A6"
+
+    expect(page).to have_http_status :not_found
+  end
+
 end