aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid Heinemeier Hansson <david@loudthinking.com>2004-12-01 12:57:16 +0000
committerDavid Heinemeier Hansson <david@loudthinking.com>2004-12-01 12:57:16 +0000
commit50f333b203756009acff2457b6d1c9da3b532cad (patch)
tree14394927c17e2bdf212fbe77c8fb7deed7c6d4bd
parent79e85edd71a4c886b1ac074988963588d8c45755 (diff)
downloadrails-50f333b203756009acff2457b6d1c9da3b532cad.tar.gz
rails-50f333b203756009acff2457b6d1c9da3b532cad.tar.bz2
rails-50f333b203756009acff2457b6d1c9da3b532cad.zip
Added graceful handling of non-alphanumeric names and misplaced brackets in input parameters [bitsweat]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@39 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
-rw-r--r--actionpack/CHANGELOG2
-rwxr-xr-xactionpack/lib/action_controller/cgi_ext/cgi_methods.rb30
-rwxr-xr-xactionpack/test/controller/cgi_test.rb36
3 files changed, 49 insertions, 19 deletions
diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG
index eedef92916..e48b117bc7 100644
--- a/actionpack/CHANGELOG
+++ b/actionpack/CHANGELOG
@@ -1,5 +1,7 @@
*SVN*
+* Added graceful handling of non-alphanumeric names and misplaced brackets in input parameters [bitsweat]
+
* Added a new container for cookies that makes them more intuative to use. The old methods of cookie and @cookies have been deprecated.
Examples for writing:
diff --git a/actionpack/lib/action_controller/cgi_ext/cgi_methods.rb b/actionpack/lib/action_controller/cgi_ext/cgi_methods.rb
index 261490580c..3736353b53 100755
--- a/actionpack/lib/action_controller/cgi_ext/cgi_methods.rb
+++ b/actionpack/lib/action_controller/cgi_ext/cgi_methods.rb
@@ -63,29 +63,27 @@ class CGIMethods #:nodoc:
end
end
- def CGIMethods.get_levels(key_string)
- return [] if key_string.nil? or key_string.empty?
-
- levels = []
- main, existance = /(\w+)(\[)?.?/.match(key_string).captures
- levels << main
-
- unless existance.nil?
- hash_part = key_string.sub(/\w+\[/, "")
- hash_part.slice!(-1, 1)
- levels += hash_part.split(/\]\[/)
+ PARAMS_HASH_RE = /^([^\[]+)(\[.*\])?(.)?.*$/
+ def CGIMethods.get_levels(key)
+ all, main, bracketed, trailing = PARAMS_HASH_RE.match(key).to_a
+ if main.nil?
+ []
+ elsif trailing
+ [key]
+ elsif bracketed
+ [main] + bracketed.slice(1...-1).split('][')
+ else
+ [main]
end
-
- levels
end
-
+
def CGIMethods.build_deep_hash(value, hash, levels)
if levels.length == 0
- value;
+ value
elsif hash.nil?
{ levels.first => CGIMethods.build_deep_hash(value, nil, levels[1..-1]) }
else
hash.update({ levels.first => CGIMethods.build_deep_hash(value, hash[levels.first], levels[1..-1]) })
end
end
-end \ No newline at end of file
+end
diff --git a/actionpack/test/controller/cgi_test.rb b/actionpack/test/controller/cgi_test.rb
index 46e24ab403..2cee763491 100755
--- a/actionpack/test/controller/cgi_test.rb
+++ b/actionpack/test/controller/cgi_test.rb
@@ -133,10 +133,40 @@ class CGITest < Test::Unit::TestCase
end
def test_parse_params_with_array
- input = { "selected[]" => [ "1", "2", "3" ] }
+ input = { "selected[]" => [ "1", "2", "3" ] }
- expected_output = { "selected" => [ "1", "2", "3" ] }
+ expected_output = { "selected" => [ "1", "2", "3" ] }
- assert_equal expected_output, CGIMethods.parse_request_parameters(input)
+ assert_equal expected_output, CGIMethods.parse_request_parameters(input)
+ end
+
+ def test_parse_params_with_non_alphanumeric_name
+ input = { "a/b[c]" => %w(d) }
+ expected = { "a/b" => { "c" => "d" }}
+ assert_equal expected, CGIMethods.parse_request_parameters(input)
+ end
+
+ def test_parse_params_with_single_brackets_in_middle
+ input = { "a/b[c]d" => %w(e) }
+ expected = { "a/b[c]d" => "e" }
+ assert_equal expected, CGIMethods.parse_request_parameters(input)
+ end
+
+ def test_parse_params_with_separated_brackets
+ input = { "a/b@[c]d[e]" => %w(f) }
+ expected = { "a/b@" => { "c]d[e" => "f" }}
+ assert_equal expected, CGIMethods.parse_request_parameters(input)
+ end
+
+ def test_parse_params_with_separated_brackets_and_array
+ input = { "a/b@[c]d[e][]" => %w(f) }
+ expected = { "a/b@" => { "c]d[e" => ["f"] }}
+ assert_equal expected , CGIMethods.parse_request_parameters(input)
+ end
+
+ def test_parse_params_with_unmatched_brackets_and_array
+ input = { "a/b@[c][d[e][]" => %w(f) }
+ expected = { "a/b@" => { "c" => { "d[e" => ["f"] }}}
+ assert_equal expected, CGIMethods.parse_request_parameters(input)
end
end