-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Raise specific exception if the parameters are invalid #713
Conversation
This will close rails/rails#11795, rails/rails#3789 and rails/rails#16207 |
@@ -106,6 +111,8 @@ def parse_nested_query(qs, d = nil) | |||
end | |||
|
|||
return params.to_params_hash | |||
rescue ArgumentError => e | |||
raise InvalidParameterError, e.message |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you add the backtrace from e
too?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
There are some cases where we try to parse the parameters but it fails with ArgumentError. 1. When the parameters come from the query string and contains invalid UTF-8 characters. In this case we raise ArgumentError when trying to match the key portion of parameters with a regexp. 2. When the parameters come from the request body and the query string contains invalid % encoded string. In this case we raise ArgumentError when calling URI.decode_www_form_component. Now both cases raise a InvalidParameterError what inherit from TypeError and we can catch this exception to show a bad request for users instead of an internal server error.
Raise specific exception if the parameters are invalid
Thanks for this fix! When can we expect a new version of Rack and Rails that incorporate this fix? |
* master: (62 commits) build_nested_query includes integer values Rack::ETag correctly marks etags as Weak Fix yet another body close bug in Rack::Deflater Implement full Logger interface on NullLogger Revert "support empty string multipart filename" support empty string multipart filename multipart/form-data with files with no input name Fix parent type API regression introduced in #713 correct weird case regression from #714 UrlMap: Enable case-insensitive domain matching Raise specific exception if the parameters are invalid Fix media_type_params when Content-Type parameters contains quoted-strings Rack::Multipart::UploadedFile has file extensions multipart content-type match now case insensitive Undo test that falsely exemplifies production env default_middleware_by_environment should always returns empty array for unknown keys Remove rbx from Travis' allow_failures Fix rbx settings for Travis Use latest 2.1 on Travis Enable cleanup of Tempfiles from multipart form data by default ... Conflicts: lib/rack/request.rb
There are some cases where we try to parse the parameters but it fails with ArgumentError.
Now both cases raise a InvalidParameterError what inherit from TypeError and we can catch this exception to show a bad request for users instead of an internal server error.
cc @tenderlove