Skip to content
Permalink
Browse files

Protect against error when parsing parameters with Bad Request

Related with #11795.
  • Loading branch information...
rafaelfranca committed Aug 19, 2014
1 parent 4d1d81d commit d59a24d543b4fd34d453e8209caae5fef315ea78
@@ -292,15 +292,15 @@ def session_options=(options)
# Override Rack's GET method to support indifferent access
def GET
@env["action_dispatch.request.query_parameters"] ||= Utils.deep_munge(normalize_encode_params(super || {}))
rescue TypeError => e
rescue TypeError, Rack::Utils::InvalidParameterError => e
raise ActionController::BadRequest.new(:query, e)
end
alias :query_parameters :GET

# Override Rack's POST method to support indifferent access
def POST
@env["action_dispatch.request.request_parameters"] ||= Utils.deep_munge(normalize_encode_params(super || {}))
rescue TypeError => e
rescue TypeError, Rack::Utils::InvalidParameterError => e
raise ActionController::BadRequest.new(:request, e)
end
alias :request_parameters :POST
@@ -909,6 +909,31 @@ class RequestParameters < BaseRequestTest
end
end

test "parameters not accessible after rack parse error of invalid UTF8 character" do
request = stub_request("QUERY_STRING" => "foo%81E=1")

2.times do
assert_raises(ActionController::BadRequest) do
# rack will raise a Rack::Utils::InvalidParameterError when parsing this query string
request.parameters
end
end
end

test "parameters not accessible after rack parse error 1" do
request = stub_request(
'REQUEST_METHOD' => 'POST',
'CONTENT_LENGTH' => "a%=".length,
'CONTENT_TYPE' => 'application/x-www-form-urlencoded; charset=utf-8',
'rack.input' => StringIO.new("a%=")
)

assert_raises(ActionController::BadRequest) do
# rack will raise a TypeError when parsing this query string
request.parameters
end
end

test "we have access to the original exception" do
request = stub_request("QUERY_STRING" => "x[y]=1&x[y][][w]=2")

@@ -28,6 +28,9 @@ def call(env)
LocalCacheRegistry.set_cache_for(local_cache_key, nil)
end
response
rescue Rack::Utils::InvalidParameterError
LocalCacheRegistry.set_cache_for(local_cache_key, nil)
[400, {}, []]
rescue Exception
LocalCacheRegistry.set_cache_for(local_cache_key, nil)
raise

1 comment on commit d59a24d

@Fudoshiki

This comment has been minimized.

Copy link
Contributor

Fudoshiki commented on d59a24d Aug 19, 2014

Rack::Lint::LintError at /
header key must be a string, was Symbol

Ruby /usr/local/rvm/gems/ruby-2.1.2/bundler/gems/rack-e4e4c397e89c/lib/rack/lint.rb: in assert, line 20
Web GET localhost/

Please sign in to comment.
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.