authorKasper Timm Hansen <kaspth@gmail.com>2015-10-23 22:28:28 +0200
committerKasper Timm Hansen <kaspth@gmail.com>2015-10-23 22:28:28 +0200
commit50f248cae5fd7d0fb41bfef3d52c32cc55666ce4 (patch)
tree5bbae87d4879f32c6914607d261a05bcdef7a77a /actionpack/lib/action_dispatch/http
parent6f62ace65a720f515da82f5fc5f3e7eab1df8658 (diff)
parent59ab2d1ee5995d9ea27ca60e92576518c1898c59 (diff)
Merge pull request #21990 from greysteil/invalid-utf8-querystrings
Catch invalid UTF-8 querystring values and respond with BadRequest
Diffstat (limited to 'actionpack/lib/action_dispatch/http')
-rw-r--r--actionpack/lib/action_dispatch/http/request.rb5
1 files changed, 4 insertions, 1 deletions
diff --git a/actionpack/lib/action_dispatch/http/request.rb b/actionpack/lib/action_dispatch/http/request.rb
index c6ab4dbc9a..35e3ac304f 100644
--- a/actionpack/lib/action_dispatch/http/request.rb
+++ b/actionpack/lib/action_dispatch/http/request.rb
@@ -338,7 +338,10 @@ module ActionDispatch
# Override Rack's GET method to support indifferent access
def GET
fetch_header("action_dispatch.request.query_parameters") do |k|
- set_header k, Request::Utils.normalize_encode_params(super || {})
+ rack_query_params = super || {}
+ # Check for non UTF-8 parameter values, which would cause errors later
+ Request::Utils.check_param_encoding(rack_query_params)
+ set_header k, Request::Utils.normalize_encode_params(rack_query_params)
end
rescue Rack::Utils::ParameterTypeError, Rack::Utils::InvalidParameterError => e
raise ActionController::BadRequest.new("Invalid query parameters: #{e.message}", e)
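Review bot: The encoding check is added only to the query-string path in `GET`; the body-parameter counterpart is not part of this hunk, so unless it is covered elsewhere, invalid UTF-8 in a form body would still reach the later code that the new comment warns about, and the same `Request::Utils.check_param_encoding` call (or a note on why it is unnecessary) belongs there too. The conversion to `ActionController::BadRequest` only works if `check_param_encoding` raises one of the two Rack error classes listed in the `rescue`; its definition is outside this page, so after confirming the class I would spell that out in the comment, e.g. `# Raises Rack::Utils::InvalidParameterError on invalid UTF-8 values; rescued below as BadRequest`. The comment speaks of parameter values only, so it is worth confirming whether parameter keys (and nested hash keys) containing invalid bytes are rejected as well. Because `e.message` is interpolated into the BadRequest message, also check that the helper's message does not carry the raw invalid bytes into logs or the error response. `GET`'s closing `end` lies outside the hunk.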