Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Check request.path_parameters encoding at the point they're set #25816

Merged
merged 1 commit into from Jul 14, 2016

Conversation

@greysteil
Copy link
Contributor

@greysteil greysteil commented Jul 13, 2016

Check for any non-UTF8 characters in path parameters at the point they're set in env. Previously they were checked for when used to get a controller class, but this meant routes that went directly to a Rack app, or skipped controller instantiation for some other reason, had to defend against non-UTF8 characters themselves.

(Lots of PRs today - Rails 5 bump coincided with pen testing at GoCardless, so we're surfacing lots of edge cases!)

@rails-bot
Copy link

@rails-bot rails-bot commented Jul 13, 2016

r? @matthewd

(@rails-bot has picked a reviewer for you, use r? to override)

Check for any non-UTF8 characters in path parameters at the point they're
set in `env`. Previously they were checked for when used to get a controller
class, but this meant routes that went directly to a Rack app, or skipped
controller instantiation for some other reason, had to defend against
non-UTF8 characters themselves.
@greysteil greysteil force-pushed the greysteil:check-path-param-encoding branch to 9f38a3f Jul 14, 2016
@greysteil
Copy link
Contributor Author

@greysteil greysteil commented Jul 14, 2016

@tenderlove - looks like you were the last person to look at the path_parameter encoding check (in 4797c4c). Any thoughts on this change?

@tenderlove
Copy link
Member

@tenderlove tenderlove commented Jul 14, 2016

@greysteil looks great to me. Though I don't think I like that Rails enforces UTF-8 parameters (our app at work accepts other encodings, but that's neither here nor there). I'll merge this, thanks!

@tenderlove tenderlove merged commit b866be1 into rails:master Jul 14, 2016
2 checks passed
2 checks passed
codeclimate Code Climate has skipped analysis of this commit.
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
@greysteil greysteil deleted the greysteil:check-path-param-encoding branch Jul 14, 2016
@greysteil
Copy link
Contributor Author

@greysteil greysteil commented Jul 14, 2016

Awesome, thanks @tenderlove!

@rafaelfranca
Copy link
Member

@rafaelfranca rafaelfranca commented Jul 17, 2016

Backported in d2dde6c

rafaelfranca added a commit that referenced this pull request Jul 17, 2016
Check `request.path_parameters` encoding at the point they're set
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

6 participants