diff options
| author | eileencodes <eileencodes@gmail.com> | 2017-08-01 13:02:53 -0400 |
|---|---|---|
| committer | eileencodes <eileencodes@gmail.com> | 2017-08-01 13:28:57 -0400 |
| commit | 92209356c310caabda8665d6369d3b1e4a1800d1 (patch) | |
| tree | 58f91bdfba733804b53a64ebfbd5770af35f68c8 /actionpack/lib/action_dispatch/http/parameters.rb | |
| parent | 030c66a51faf9f43bfc6093ed6cc119e9a09a09a (diff) | |
| download | rails-92209356c310caabda8665d6369d3b1e4a1800d1.tar.gz rails-92209356c310caabda8665d6369d3b1e4a1800d1.tar.bz2 rails-92209356c310caabda8665d6369d3b1e4a1800d1.zip | |
Path parameters should default to UTF8
This commit changes the behavior such the path_params now default to
UTF8 just like regular parameters. This also changes the behavior such
that if a path parameter contains invalid UTF8 it returns a 400 bad
request. Previously the behavior was to encode the path params as binary
but that's not the same as query params.
So this commit makes path params behave the same as query params.
It's important to test with a path that's encoded as binary because
that's how paths are encoded from the socket. The test that was altered
was changed to make the behavior for bad encoding the same as query
params. We want to treat path params the same as query params. The params
in the test are invalid UTF8 so they should return a bad request.
Fixes #29669
*Eileen M. Uchitelle, Aaron Patterson, & Tsukuru Tanimichi*
Diffstat (limited to 'actionpack/lib/action_dispatch/http/parameters.rb')
| -rw-r--r-- | actionpack/lib/action_dispatch/http/parameters.rb | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/actionpack/lib/action_dispatch/http/parameters.rb b/actionpack/lib/action_dispatch/http/parameters.rb index d80d1d714c..ae875eb830 100644 --- a/actionpack/lib/action_dispatch/http/parameters.rb +++ b/actionpack/lib/action_dispatch/http/parameters.rb @@ -57,7 +57,7 @@ module ActionDispatch query_parameters.dup end params.merge!(path_parameters) - params = set_binary_encoding(params) + params = set_binary_encoding(params, params[:controller], params[:action]) set_header("action_dispatch.request.parameters", params) params end @@ -66,6 +66,7 @@ module ActionDispatch def path_parameters=(parameters) #:nodoc: delete_header("action_dispatch.request.parameters") + parameters = set_binary_encoding(parameters, parameters[:controller], parameters[:action]) # If any of the path parameters has an invalid encoding then # raise since it's likely to trigger errors further on. Request::Utils.check_param_encoding(parameters) @@ -85,9 +86,10 @@ module ActionDispatch private - def set_binary_encoding(params) - action = params[:action] - if binary_params_for?(action) + def set_binary_encoding(params, controller, action) + return params unless controller && controller.valid_encoding? + + if binary_params_for?(controller, action) ActionDispatch::Request::Utils.each_param_value(params) do |param| param.force_encoding ::Encoding::ASCII_8BIT end @@ -95,8 +97,8 @@ module ActionDispatch params end - def binary_params_for?(action) - controller_class.binary_params_for?(action) + def binary_params_for?(controller, action) + controller_class_for(controller).binary_params_for?(action) rescue NameError false end |