Check request.path_parameters encoding at the point they're set #25816

Merged
merged 1 commit into from Jul 14, 2016

Contributor

@greysteil greysteil commented Jul 13, 2016

Check for any non-UTF8 characters in path parameters at the point they're set in env. Previously they were checked for when used to get a controller class, but this meant routes that went directly to a Rack app, or skipped controller instantiation for some other reason, had to defend against non-UTF8 characters themselves.

(Lots of PRs today - Rails 5 bump coincided with pen testing at GoCardless, so we're surfacing lots of edge cases!)
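The placement argument in the description above, as an added sketch that is not code from this pull request or from Rails: validating in the setter covers a route that dispatches straight to a Rack-style app and never looks up a controller class. All names here (`SketchRequest`, `assert_utf8_path_params!`, `dispatch`, the `sketch.path_parameters` env key) are hypothetical.

```ruby
# Added example: hypothetical names, not Rails' own classes or API.
class BadPathEncoding < StandardError; end

# Constructed sample: a Latin-1 byte sequence that is invalid as UTF-8.
BAD_SEGMENT = "caf\xE9".b

# Yield every String nested inside a path-parameter value.
def each_string(value, &block)
  case value
  when String then yield value
  when Array  then value.each { |v| each_string(v, &block) }
  when Hash   then value.each_value { |v| each_string(v, &block) }
  end
end

# Raise if any value is not valid UTF-8. Binary-tagged strings (how raw
# path bytes commonly arrive) are judged as UTF-8 on a copy, not in place.
def assert_utf8_path_params!(params)
  params.each do |key, value|
    each_string(value) do |s|
      probe = s.encoding == Encoding::BINARY ? s.dup.force_encoding(Encoding::UTF_8) : s
      raise BadPathEncoding, "invalid encoding for #{key}" unless probe.valid_encoding?
    end
  end
  params
end

# Minimal request wrapper: the check runs in the setter, before any endpoint.
class SketchRequest
  attr_reader :env
  def initialize
    @env = {}
  end
  def path_parameters=(params)
    @env["sketch.path_parameters"] = assert_utf8_path_params!(params)
  end
end

# A route target that is a bare Rack-style app: no controller class lookup
# and no encoding checks of its own.
RACK_ENDPOINT = ->(env) { [200, {}, ["file=#{env['sketch.path_parameters'][:file]}"]] }

# Router step: set the parameters, call the endpoint, map the error to 400.
def dispatch(params, endpoint = RACK_ENDPOINT)
  req = SketchRequest.new
  req.path_parameters = params
  endpoint.call(req.env)
rescue BadPathEncoding
  [400, {}, ["Bad Request"]]
end
```
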

@rails-bot

r? @matthewd

(@rails-bot has picked a reviewer for you, use r? to override)

Check for any non-UTF8 characters in path parameters at the point they're
set in `env`. Previously they were checked for when used to get a controller
class, but this meant routes that went directly to a Rack app, or skipped
controller instantiation for some other reason, had to defend against
non-UTF8 characters themselves.
@greysteil
Contributor Author

@tenderlove - looks like you were the last person to look at the path_parameter encoding check (in 4797c4cac). Any thoughts on this change?

@tenderlove
Member

@greysteil looks great to me. Though I don't think I like that Rails enforces UTF-8 parameters (our app at work accepts other encodings, but that's neither here nor there). I'll merge this, thanks!

@tenderlove tenderlove merged commit b866be1 into rails:master Jul 14, 2016
@greysteil greysteil deleted the check-path-param-encoding branch July 14, 2016 18:10
@greysteil
Contributor Author

Awesome, thanks @tenderlove!

@rafaelfranca
Member

Backported in d2dde6c

rafaelfranca pushed a commit that referenced this pull request Jul 17, 2016
Check `request.path_parameters` encoding at the point they're set