Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Crash on submitting form with a list-variable after a normal variable with same name #400

Closed
edruid opened this Issue Jul 3, 2012 · 5 comments

Comments

Projects
None yet
4 participants

edruid commented Jul 3, 2012

If I submit a query with a query string containing a variable type parameter (variable=) and a list type parameter with the same name (variable[]=), this will result in rack crashing with a "undefined method `merge' for nil:NilClass" message

Steps to reproduce

Go to any page with both list and variable syntax in either GET or POST data.
Example:
http://127.0.0.1:7000?same=foo&same[]=bar

Submitting the same variables in reverse order results in the variable being the last value ("bar" below)
http://127.0.0.1:7000?same[]=foo&same=bar

Expected behaviour

I'm not quite sure what is expected but I guess a list containing only "bar" would be consistent
["bar"]

Feel free to contact me if you need any further information.

Contributor

elcuervo commented Jul 6, 2012

In master the query parser returns

{"same" => "foo", "same[]" => "bar"}

But running 1.4.1 & master I don't get a crash. What version are you running in which server?

edruid commented Jul 6, 2012

I'm running 1.4.1 using thin.

It might be that this is actually a bug in ramaze (which I'm using an ancient version of)

Traceback (innermost first)

    /home/druid/.rvm/gems/ruby-1.9.3-p125/gems/rack-1.4.1/lib/rack/request.rb: in params
        @params ||= self.GET.merge(self.POST)...
    /home/druid/.rvm/gems/ruby-1.9.3-p125/gems/ramaze-2009.03/lib/ramaze/current/request.rb: in params
        @rack_params ||= super...
    /home/druid/.rvm/gems/ruby-1.9.3-p125/gems/ramaze-2009.03/lib/ramaze/current/request.rb: in pretty_print
        p, c, e = params, cookies, http_vars...
    /home/druid/.rvm/rubies/ruby-1.9.3-p125/lib/ruby/1.9.1/pp.rb: in block in pp
        group {obj.pretty_print self}...
    /home/druid/.rvm/rubies/ruby-1.9.3-p125/lib/ruby/1.9.1/prettyprint.rb: in block (2 levels) in group
        yield...
    /home/druid/.rvm/rubies/ruby-1.9.3-p125/lib/ruby/1.9.1/prettyprint.rb: in nest
        yield...
    /home/druid/.rvm/rubies/ruby-1.9.3-p125/lib/ruby/1.9.1/prettyprint.rb: in block in group
        nest(indent) {...
    /home/druid/.rvm/rubies/ruby-1.9.3-p125/lib/ruby/1.9.1/prettyprint.rb: in group_sub
        yield...
    /home/druid/.rvm/rubies/ruby-1.9.3-p125/lib/ruby/1.9.1/prettyprint.rb: in group
        group_sub {...
    /home/druid/.rvm/rubies/ruby-1.9.3-p125/lib/ruby/1.9.1/pp.rb: in pp
        group {obj.pretty_print self}...
    /home/druid/.rvm/rubies/ruby-1.9.3-p125/lib/ruby/1.9.1/pp.rb: in block in pp
        q.guard_inspect_key {q.pp obj}...
    /home/druid/.rvm/rubies/ruby-1.9.3-p125/lib/ruby/1.9.1/pp.rb: in guard_inspect_key
        yield...
    /home/druid/.rvm/rubies/ruby-1.9.3-p125/lib/ruby/1.9.1/pp.rb: in pp
        q.guard_inspect_key {q.pp obj}...
    /home/druid/.rvm/gems/ruby-1.9.3-p125/gems/ramaze-2009.03/lib/ramaze/snippets/object/pretty.rb: in pretty
        PP.pp(self, s)...
    /home/druid/.rvm/gems/ruby-1.9.3-p125/gems/ramaze-2009.03/lib/ramaze/dispatcher/error.rb: in rescue in call
        #{ Request.current.pretty }\n...
    /home/druid/.rvm/gems/ruby-1.9.3-p125/gems/ramaze-2009.03/lib/ramaze/dispatcher/error.rb: in call
        log_error(error)...
    /home/druid/.rvm/gems/ruby-1.9.3-p125/gems/ramaze-2009.03/lib/ramaze/dispatcher.rb: in error
        Dispatcher::Error.call(obj, meta)...
    /home/druid/.rvm/gems/ruby-1.9.3-p125/gems/ramaze-2009.03/lib/ramaze/dispatcher.rb: in rescue in call
        error(exception)...
    /home/druid/.rvm/gems/ruby-1.9.3-p125/gems/ramaze-2009.03/lib/ramaze/dispatcher.rb: in call
        path = request.path_info.squeeze('/')...
    /home/druid/.rvm/gems/ruby-1.9.3-p125/gems/ramaze-2009.03/lib/ramaze/current.rb: in call
        @app.call(env)...
    /home/druid/.rvm/gems/ruby-1.9.3-p125/gems/ramaze-2009.03/lib/ramaze/reloader.rb: in call
        @app.call(env) if @app...
    /home/druid/.rvm/gems/ruby-1.9.3-p125/gems/rack-1.4.1/lib/rack/showstatus.rb: in call
        status, headers, body = @app.call(env)...
    /home/druid/.rvm/gems/ruby-1.9.3-p125/gems/rack-1.4.1/lib/rack/showexceptions.rb: in call
        @app.call(env)...
    /home/druid/.rvm/gems/ruby-1.9.3-p125/gems/ramaze-2009.03/lib/ramaze/adapter/base.rb: in block in respond
        Adapter::middleware.call(env)...
    /home/druid/development/demo/casinored_redbet/lib/ramaze/fixes.rb: in call
        block.call...
    /home/druid/development/demo/casinored_redbet/lib/ramaze/fixes.rb: in wrap
        block.call...
    /home/druid/.rvm/gems/ruby-1.9.3-p125/gems/ramaze-2009.03/lib/ramaze/adapter/base.rb: in respond
        Ramaze::STATE.wrap do...
    /home/druid/.rvm/gems/ruby-1.9.3-p125/gems/ramaze-2009.03/lib/ramaze/adapter/base.rb: in call
        respond(env)...
...
Owner

raggi commented Nov 2, 2012

Please do a search through other tickets on parse_nested_query for background on this. It's an opinion problem, and we're not going to change the conventions anymore. If you want a specific parse_nested_query behavior that is different from our conventions, please implement one. If you find a bug within our specific conventions, please continue to supply issues.

@raggi raggi closed this Nov 2, 2012

Hi @raggi I'm having this same issue but with a current (3.2) Rails application. I'm fine with parse_nested_query not wanting to handle this complex scenario in all the various ways folks might want it to, but right now the behavior is that I can craft a param string that will crash any running Rack application. That doesn't seem right no matter what.

Just to be clear in my testing was with Rails 3.2.12 and Rack 1.4.5. Any route string with same=foo&same[]=bar in the params threw an Exception.

I also looked around and see that this crashes all Rails based websites that I tried to test, including github.com, rubygems.org, etc.

All of these sites are returning 500 errors and all of my Rails applications return "undefined method `merge' for nil:NilClass" as the error.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment