Prevent RequestEncoder#encode_params to parse falsey params
#33392
Conversation
|
Thanks for the pull request, and welcome! The Rails team is excited to review your changes, and you should hear from @kaspth (or someone else) soon. If any changes to this PR are deemed necessary, please add them as extra commits. This ensures that the reviewer can see what has changed since they last reviewed the code. Due to the way GitHub handles out-of-date commits, this should also make it reasonably obvious what issues have or haven't been addressed. Large or tricky changes may require several passes of review and changes. This repository is being automatically checked for code quality issues using Code Climate. You can see results for this analysis in the PR status below. Newly introduced issues should be fixed before a Pull Request is considered ready to review. Please see the contribution instructions for more information. |
| @@ -4,6 +4,7 @@ | |||
| require "controller/fake_controllers" | |||
| require "rails/engine" | |||
|
|
|||
|
|
|||
There was a problem hiding this comment.
Could you remove this extra line?
| @@ -34,7 +34,7 @@ def accept_header | |||
| end | |||
|
|
|||
| def encode_params(params) | |||
| @param_encoder.call(params) | |||
| @param_encoder.call(params) unless params.nil? | |||
There was a problem hiding this comment.
I think it should be fixed in actionpack/lib/action_dispatch/testing/integration.rb See diff:
diff --git a/actionpack/lib/action_dispatch/testing/integration.rb b/actionpack/lib/action_dispatch/testing/integration.rb
index 7637febd1c..9c6075ad0c 100644
--- a/actionpack/lib/action_dispatch/testing/integration.rb
+++ b/actionpack/lib/action_dispatch/testing/integration.rb
@@ -233,7 +233,7 @@ def process(method, path, params: nil, headers: nil, env: nil, xhr: false, as: n
request_env = {
:method => method,
- :params => request_encoder.encode_params(params),
+ :params => params.nil? ? nil : request_encoder.encode_params(params),
There was a problem hiding this comment.
@bogdanvlviv why shouldn't it be fixed in here? Isn't it a special case of the request encoder to handle?
I'd write it as @param_encoder.call(params) if params though.
Should we update some documentation too? E.g. to say that a request encoder will only be asked to encode params when they aren't nil or similar?
There was a problem hiding this comment.
Yeah, probably would be better just to write @param_encoder.call(params) if params in ActionDispatch::RequestEncoder, Since it is private api we haven't written any documentation.
By the way if
get "/foos_json", as: :json, params: false
request.url # => http://www.example.com/foos_json?falsecondition if params would fix it too.
@azbshiri My apologies for confusion. Could you apply @param_encoder.call(params) if params, and update the commit message accordance this change?
There was a problem hiding this comment.
I didn't commit and push the changes of Yesterday, it's ready to be merged. @bogdanvlviv
al3rez
force-pushed
the
actionpack/prevent-request-encoder-to-parse-nil-params
branch
from
385a14e
to
e38128c
Compare
|
@azbshiri Could you squash commits into one commit? |
al3rez
force-pushed
the
actionpack/prevent-request-encoder-to-parse-nil-params
branch
from
e38128c
to
c3ed3e2
Compare
|
done |
al3rez
force-pushed
the
actionpack/prevent-request-encoder-to-parse-nil-params
branch
2 times, most recently
from
4f420bf
to
34c5472
Compare
al3rez
changed the title
RequestEncoder#encode_params to parse nil paramsRequestEncoder#encode_params to parse falsey params
| @@ -233,7 +233,7 @@ def process(method, path, params: nil, headers: nil, env: nil, xhr: false, as: n | |||
|
|
|||
| request_env = { | |||
| :method => method, | |||
| :params => request_encoder.encode_params(params), | |||
| :params => params.nil? ? nil : request_encoder.encode_params(params), | |||
There was a problem hiding this comment.
I would remove this change since this is a specific usage of the encode_params method which already handles the issue.
There was a problem hiding this comment.
as i mentioned in tsolar reply that was the case, but i forgot to commit.
| @@ -233,7 +233,7 @@ def process(method, path, params: nil, headers: nil, env: nil, xhr: false, as: n | |||
|
|
|||
| request_env = { | |||
| :method => method, | |||
| :params => request_encoder.encode_params(params), | |||
| :params => params.nil? ? nil : request_encoder.encode_params(params), | |||
There was a problem hiding this comment.
if encode_params returns nil if params not present, then this conditional is not necessary
There was a problem hiding this comment.
@tsolar yeah it was the case, but i didn't commit yesterday.
al3rez
force-pushed
the
actionpack/prevent-request-encoder-to-parse-nil-params
branch
from
34c5472
to
0e59a32
Compare
When a `get` method called with `as: :json` and `params: nil` or `params: false` (explicitly or implicitly) `RequestEncoder#encode_params` converts it into a `null` or `false` value which includes a unexpected `null=` or `false` query string into request URL. From now on `RequestEncoder#encode_params` checks whether `params` is nil or not otherwise returns. Move down `nil` conversion guard Update CHANGELOG.md
al3rez
force-pushed
the
actionpack/prevent-request-encoder-to-parse-nil-params
branch
from
0e59a32
to
9b51ee9
Compare
|
Thanks! |
…coder-to-parse-nil-params Prevent `RequestEncoder#encode_params` to parse falsey params
Fixes #33388 - When a
getmethod called withas: :jsonandparams: nil(explicitly or implicitly)
RequestEncoder#encode_paramsconverts itinto a
nullvalue which includes a unexpectednull=query stringinto request URL. From now on
RequestEncoder#encode_paramscheckswhether
paramsis nil or not otherwise returns.