diff options
| author | Rafael Mendonça França <rafaelmfranca@gmail.com> | 2014-08-19 15:32:16 -0300 |
|---|---|---|
| committer | Rafael Mendonça França <rafaelmfranca@gmail.com> | 2014-08-19 15:36:05 -0300 |
| commit | d59a24d543b4fd34d453e8209caae5fef315ea78 (patch) | |
| tree | 109b429dd60534634379583f3cf8d391c9f95fb5 | |
| parent | 4d1d81d33804449b19f34643b4ed396a5da02edc (diff) | |
| download | rails-d59a24d543b4fd34d453e8209caae5fef315ea78.tar.gz rails-d59a24d543b4fd34d453e8209caae5fef315ea78.tar.bz2 rails-d59a24d543b4fd34d453e8209caae5fef315ea78.zip | |
Protect against error when parsing parameters with Bad Request
Related with #11795.
| -rw-r--r-- | actionpack/lib/action_dispatch/http/request.rb | 4 | ||||
| -rw-r--r-- | actionpack/test/dispatch/request_test.rb | 25 | ||||
| -rw-r--r-- | activesupport/lib/active_support/cache/strategy/local_cache_middleware.rb | 3 |
3 files changed, 30 insertions, 2 deletions
diff --git a/actionpack/lib/action_dispatch/http/request.rb b/actionpack/lib/action_dispatch/http/request.rb index 8c035c3c6c..f35289253b 100644 --- a/actionpack/lib/action_dispatch/http/request.rb +++ b/actionpack/lib/action_dispatch/http/request.rb @@ -292,7 +292,7 @@ module ActionDispatch # Override Rack's GET method to support indifferent access def GET @env["action_dispatch.request.query_parameters"] ||= Utils.deep_munge(normalize_encode_params(super || {})) - rescue TypeError => e + rescue TypeError, Rack::Utils::InvalidParameterError => e raise ActionController::BadRequest.new(:query, e) end alias :query_parameters :GET @@ -300,7 +300,7 @@ module ActionDispatch # Override Rack's POST method to support indifferent access def POST @env["action_dispatch.request.request_parameters"] ||= Utils.deep_munge(normalize_encode_params(super || {})) - rescue TypeError => e + rescue TypeError, Rack::Utils::InvalidParameterError => e raise ActionController::BadRequest.new(:request, e) end alias :request_parameters :POST diff --git a/actionpack/test/dispatch/request_test.rb b/actionpack/test/dispatch/request_test.rb index fe9ee6f73d..84bd392fd9 100644 --- a/actionpack/test/dispatch/request_test.rb +++ b/actionpack/test/dispatch/request_test.rb @@ -909,6 +909,31 @@ class RequestParameters < BaseRequestTest end end + test "parameters not accessible after rack parse error of invalid UTF8 character" do + request = stub_request("QUERY_STRING" => "foo%81E=1") + + 2.times do + assert_raises(ActionController::BadRequest) do + # rack will raise a Rack::Utils::InvalidParameterError when parsing this query string + request.parameters + end + end + end + + test "parameters not accessible after rack parse error 1" do + request = stub_request( + 'REQUEST_METHOD' => 'POST', + 'CONTENT_LENGTH' => "a%=".length, + 'CONTENT_TYPE' => 'application/x-www-form-urlencoded; charset=utf-8', + 'rack.input' => StringIO.new("a%=") + ) + + assert_raises(ActionController::BadRequest) do + # rack will raise a TypeError when parsing this query string + request.parameters + end + end + test "we have access to the original exception" do request = stub_request("QUERY_STRING" => "x[y]=1&x[y][][w]=2") diff --git a/activesupport/lib/active_support/cache/strategy/local_cache_middleware.rb b/activesupport/lib/active_support/cache/strategy/local_cache_middleware.rb index 901c2e05a8..c55600a02d 100644 --- a/activesupport/lib/active_support/cache/strategy/local_cache_middleware.rb +++ b/activesupport/lib/active_support/cache/strategy/local_cache_middleware.rb @@ -28,6 +28,9 @@ module ActiveSupport LocalCacheRegistry.set_cache_for(local_cache_key, nil) end response + rescue Rack::Utils::InvalidParameterError + LocalCacheRegistry.set_cache_for(local_cache_key, nil) + [400, {}, []] rescue Exception LocalCacheRegistry.set_cache_for(local_cache_key, nil) raise |