New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Check `request.path_parameters` encoding at the point they're set #25816

Merged
merged 1 commit into from Jul 14, 2016

Conversation

Projects
None yet
6 participants
@greysteil
Contributor

greysteil commented Jul 13, 2016

Check for any non-UTF8 characters in path parameters at the point they're set in env. Previously they were checked for when used to get a controller class, but this meant routes that went directly to a Rack app, or skipped controller instantiation for some other reason, had to defend against non-UTF8 characters themselves.

(Lots of PRs today - Rails 5 bump coincided with pen testing at GoCardless, so we're surfacing lots of edge cases!)

@rails-bot

This comment has been minimized.

rails-bot commented Jul 13, 2016

r? @matthewd

(@rails-bot has picked a reviewer for you, use r? to override)

Check `request.path_parameters` encoding at the point they're set
Check for any non-UTF8 characters in path parameters at the point they're
set in `env`. Previously they were checked for when used to get a controller
class, but this meant routes that went directly to a Rack app, or skipped
controller instantiation for some other reason, had to defend against
non-UTF8 characters themselves.

@greysteil greysteil force-pushed the greysteil:check-path-param-encoding branch to 9f38a3f Jul 14, 2016

@greysteil

This comment has been minimized.

Contributor

greysteil commented Jul 14, 2016

@tenderlove - looks like you were the last person to look at the path_parameter encoding check (in 4797c4c). Any thoughts on this change?

@tenderlove

This comment has been minimized.

Member

tenderlove commented Jul 14, 2016

@greysteil looks great to me. Though I don't think I like that Rails enforces UTF-8 parameters (our app at work accepts other encodings, but that's neither here nor there). I'll merge this, thanks!

@tenderlove tenderlove merged commit b866be1 into rails:master Jul 14, 2016

2 checks passed

codeclimate Code Climate has skipped analysis of this commit.
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details

@greysteil greysteil deleted the greysteil:check-path-param-encoding branch Jul 14, 2016

@greysteil

This comment has been minimized.

Contributor

greysteil commented Jul 14, 2016

Awesome, thanks @tenderlove!

@rafaelfranca

This comment has been minimized.

Member

rafaelfranca commented Jul 17, 2016

Backported in d2dde6c

rafaelfranca added a commit that referenced this pull request Jul 17, 2016

Merge pull request #25816 from greysteil/check-path-param-encoding
Check `request.path_parameters` encoding at the point they're set
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment