
Protect against error when parsing parameters with Bad Request

Related to #11795.
1 parent 4d1d81d commit d59a24d543b4fd34d453e8209caae5fef315ea78 @rafaelfranca rafaelfranca committed Aug 19, 2014
@@ -292,15 +292,15 @@ def session_options=(options)
# Override Rack's GET method to support indifferent access
def GET
@env["action_dispatch.request.query_parameters"] ||= Utils.deep_munge(normalize_encode_params(super || {}))
- rescue TypeError => e
+ rescue TypeError, Rack::Utils::InvalidParameterError => e
raise ActionController::BadRequest.new(:query, e)
end
alias :query_parameters :GET
# Override Rack's POST method to support indifferent access
def POST
@env["action_dispatch.request.request_parameters"] ||= Utils.deep_munge(normalize_encode_params(super || {}))
- rescue TypeError => e
+ rescue TypeError, Rack::Utils::InvalidParameterError => e
raise ActionController::BadRequest.new(:request, e)
end
alias :request_parameters :POST
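Review bot: The widened rescue in `GET` and `POST` still names only two exception classes, so any other error Rack's parameter parser raises on malformed input would bypass the `ActionController::BadRequest` mapping and surface as a 500. As far as I recall, Rack's key-space limit raises a `RangeError`; if that holds for the Rack version in use, it is worth deciding whether it belongs in the list, e.g. `rescue TypeError, RangeError, Rack::Utils::InvalidParameterError => e`. The same list is now written out twice, so a shared constant for the rescued classes would keep the two methods from drifting apart. The comments above both methods could also state that parse failures are re-raised as `ActionController::BadRequest`.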
@@ -909,6 +909,31 @@ class RequestParameters < BaseRequestTest
end
end
+ test "parameters not accessible after rack parse error of invalid UTF8 character" do
+ request = stub_request("QUERY_STRING" => "foo%81E=1")
+
+ 2.times do
+ assert_raises(ActionController::BadRequest) do
+ # rack will raise a Rack::Utils::InvalidParameterError when parsing this query string
+ request.parameters
+ end
+ end
+ end
+
+ test "parameters not accessible after rack parse error 1" do
+ request = stub_request(
+ 'REQUEST_METHOD' => 'POST',
+ 'CONTENT_LENGTH' => "a%=".length,
+ 'CONTENT_TYPE' => 'application/x-www-form-urlencoded; charset=utf-8',
+ 'rack.input' => StringIO.new("a%=")
+ )
+
+ assert_raises(ActionController::BadRequest) do
+ # rack will raise a TypeError when parsing this query string
+ request.parameters
+ end
+ end
+
test "we have access to the original exception" do
request = stub_request("QUERY_STRING" => "x[y]=1&x[y][][w]=2")
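Review bot: The second new test, "parameters not accessible after rack parse error 1", asserts the `BadRequest` only once, while the UTF-8 test wraps its assertion in `2.times do`, presumably to show that a failed parse leaves nothing memoized in `@env` for a later call. Wrapping the POST assertion in the same `2.times do … end` would give the `request_parameters` path the same coverage. The inline comment says "query string" although the malformed data is supplied through `rack.input`; `# rack will raise a TypeError when parsing this request body` would be accurate. A test name without the trailing "1" that mentions the malformed body would also make a failure easier to read.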
@@ -28,6 +28,9 @@ def call(env)
LocalCacheRegistry.set_cache_for(local_cache_key, nil)
end
response
+ rescue Rack::Utils::InvalidParameterError
+ LocalCacheRegistry.set_cache_for(local_cache_key, nil)
+ [400, {}, []]
rescue Exception
LocalCacheRegistry.set_cache_for(local_cache_key, nil)
raise
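Review bot: The new `rescue Rack::Utils::InvalidParameterError` branch converts the error into `[400, {}, []]` inside the cache middleware and discards the exception, so a malformed-parameter request that reaches this path leaves no log entry or exception report and the client receives an empty response with no headers. The `rescue Exception` branch directly below already clears the local cache and re-raises; letting this error take that route, or at least recording it before returning, would keep such requests visible to whatever layer handles bad requests and to monitoring. If the short-circuit is deliberate, a comment such as `# Malformed request parameters: clear the cache and answer 400 instead of re-raising` would explain why a cache layer chooses the status. The body of `call` starts and ends outside this hunk.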

1 comment on commit d59a24d

@Fudoshiki

Rack::Lint::LintError at /
header key must be a string, was Symbol

Ruby /usr/local/rvm/gems/ruby-2.1.2/bundler/gems/rack-e4e4c397e89c/lib/rack/lint.rb: in assert, line 20
Web GET localhost/
