Added graceful handling of non-alphanumeric names and misplaced brackets in input parameters [bitsweat]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@39 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

3 files changed, 49 insertions, 19 deletions

diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG
index eedef92916..e48b117bc7 100644
--- a/actionpack/CHANGELOG
+++ b/actionpack/CHANGELOG
@@ -1,5 +1,7 @@
 *SVN*
 
+* Added graceful handling of non-alphanumeric names and misplaced brackets in input parameters [bitsweat]
+
 * Added a new container for cookies that makes them more intuative to use. The old methods of cookie and @cookies have been deprecated.
 
   Examples for writing:
diff --git a/actionpack/lib/action_controller/cgi_ext/cgi_methods.rb b/actionpack/lib/action_controller/cgi_ext/cgi_methods.rb
index 261490580c..3736353b53 100755
--- a/actionpack/lib/action_controller/cgi_ext/cgi_methods.rb
+++ b/actionpack/lib/action_controller/cgi_ext/cgi_methods.rb
@@ -63,29 +63,27 @@ class CGIMethods #:nodoc:
       end
     end
   
-    def CGIMethods.get_levels(key_string)
-      return [] if key_string.nil? or key_string.empty?
-
-      levels = []
-      main, existance = /(\w+)(\[)?.?/.match(key_string).captures
-      levels << main
-      
-      unless existance.nil?
-        hash_part = key_string.sub(/\w+\[/, "")
-        hash_part.slice!(-1, 1)
-        levels += hash_part.split(/\]\[/)
+    PARAMS_HASH_RE = /^([^\[]+)(\[.*\])?(.)?.*$/
+    def CGIMethods.get_levels(key)
+      all, main, bracketed, trailing = PARAMS_HASH_RE.match(key).to_a
+      if main.nil?
+        []
+      elsif trailing
+        [key]
+      elsif bracketed
+        [main] + bracketed.slice(1...-1).split('][')
+      else
+        [main]
       end
-      
-      levels
     end
-    
+
     def CGIMethods.build_deep_hash(value, hash, levels)
       if levels.length == 0
-        value;
+        value
       elsif hash.nil?
         { levels.first => CGIMethods.build_deep_hash(value, nil, levels[1..-1]) }
       else
         hash.update({ levels.first => CGIMethods.build_deep_hash(value, hash[levels.first], levels[1..-1]) })
       end
     end
-end
\ No newline at end of file
+end
diff --git a/actionpack/test/controller/cgi_test.rb b/actionpack/test/controller/cgi_test.rb
index 46e24ab403..2cee763491 100755
--- a/actionpack/test/controller/cgi_test.rb
+++ b/actionpack/test/controller/cgi_test.rb
@@ -133,10 +133,40 @@ class CGITest < Test::Unit::TestCase
   end
 
   def test_parse_params_with_array
-      input = { "selected[]" =>  [ "1", "2", "3" ] }
+    input = { "selected[]" =>  [ "1", "2", "3" ] }
 
-      expected_output = { "selected" => [ "1", "2", "3" ] }
+    expected_output = { "selected" => [ "1", "2", "3" ] }
 
-      assert_equal expected_output, CGIMethods.parse_request_parameters(input)
+    assert_equal expected_output, CGIMethods.parse_request_parameters(input)
+  end
+
+  def test_parse_params_with_non_alphanumeric_name
+    input     = { "a/b[c]" =>  %w(d) }
+    expected  = { "a/b" => { "c" => "d" }}
+    assert_equal expected, CGIMethods.parse_request_parameters(input)
+  end
+
+  def test_parse_params_with_single_brackets_in_middle
+    input     = { "a/b[c]d" =>  %w(e) }
+    expected  = { "a/b[c]d" => "e" }
+    assert_equal expected, CGIMethods.parse_request_parameters(input)
+  end
+
+  def test_parse_params_with_separated_brackets
+    input     = { "a/b@[c]d[e]" =>  %w(f) }
+    expected  = { "a/b@" => { "c]d[e" => "f" }}
+    assert_equal expected, CGIMethods.parse_request_parameters(input)
+  end
+
+  def test_parse_params_with_separated_brackets_and_array
+    input     = { "a/b@[c]d[e][]" =>  %w(f) }
+    expected  = { "a/b@" => { "c]d[e" => ["f"] }}
+    assert_equal expected , CGIMethods.parse_request_parameters(input)
+  end
+
+  def test_parse_params_with_unmatched_brackets_and_array
+    input     = { "a/b@[c][d[e][]" =>  %w(f) }
+    expected  = { "a/b@" => { "c" => { "d[e" => ["f"] }}}
+    assert_equal expected, CGIMethods.parse_request_parameters(input)
   end
 end