diff options
author | Kasper Timm Hansen <kaspth@gmail.com> | 2015-10-23 22:28:28 +0200 |
---|---|---|
committer | Kasper Timm Hansen <kaspth@gmail.com> | 2015-10-23 22:28:28 +0200 |
commit | 50f248cae5fd7d0fb41bfef3d52c32cc55666ce4 (patch) | |
tree | 5bbae87d4879f32c6914607d261a05bcdef7a77a /actionpack/lib/action_dispatch/http | |
parent | 6f62ace65a720f515da82f5fc5f3e7eab1df8658 (diff) | |
parent | 59ab2d1ee5995d9ea27ca60e92576518c1898c59 (diff) | |
download | rails-50f248cae5fd7d0fb41bfef3d52c32cc55666ce4.tar.gz rails-50f248cae5fd7d0fb41bfef3d52c32cc55666ce4.tar.bz2 rails-50f248cae5fd7d0fb41bfef3d52c32cc55666ce4.zip |
Merge pull request #21990 from greysteil/invalid-utf8-querystrings
Catch invalid UTF-8 querystring values and respond with BadRequest
Diffstat (limited to 'actionpack/lib/action_dispatch/http')
-rw-r--r-- | actionpack/lib/action_dispatch/http/request.rb | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/actionpack/lib/action_dispatch/http/request.rb b/actionpack/lib/action_dispatch/http/request.rb index c6ab4dbc9a..35e3ac304f 100644 --- a/actionpack/lib/action_dispatch/http/request.rb +++ b/actionpack/lib/action_dispatch/http/request.rb @@ -338,7 +338,10 @@ module ActionDispatch # Override Rack's GET method to support indifferent access def GET fetch_header("action_dispatch.request.query_parameters") do |k| - set_header k, Request::Utils.normalize_encode_params(super || {}) + rack_query_params = super || {} + # Check for non UTF-8 parameter values, which would cause errors later + Request::Utils.check_param_encoding(rack_query_params) + set_header k, Request::Utils.normalize_encode_params(rack_query_params) end rescue Rack::Utils::ParameterTypeError, Rack::Utils::InvalidParameterError => e raise ActionController::BadRequest.new("Invalid query parameters: #{e.message}", e) |