diff options
| author | Kasper Timm Hansen <kaspth@gmail.com> | 2015-10-23 22:28:28 +0200 |
|---|---|---|
| committer | Kasper Timm Hansen <kaspth@gmail.com> | 2015-10-23 22:28:28 +0200 |
| commit | 50f248cae5fd7d0fb41bfef3d52c32cc55666ce4 (patch) | |
| tree | 5bbae87d4879f32c6914607d261a05bcdef7a77a /actionpack/lib/action_dispatch/request | |
| parent | 6f62ace65a720f515da82f5fc5f3e7eab1df8658 (diff) | |
| parent | 59ab2d1ee5995d9ea27ca60e92576518c1898c59 (diff) | |
| download | rails-50f248cae5fd7d0fb41bfef3d52c32cc55666ce4.tar.gz rails-50f248cae5fd7d0fb41bfef3d52c32cc55666ce4.tar.bz2 rails-50f248cae5fd7d0fb41bfef3d52c32cc55666ce4.zip | |
Merge pull request #21990 from greysteil/invalid-utf8-querystrings
Catch invalid UTF-8 querystring values and respond with BadRequest
Diffstat (limited to 'actionpack/lib/action_dispatch/request')
| -rw-r--r-- | actionpack/lib/action_dispatch/request/utils.rb | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/actionpack/lib/action_dispatch/request/utils.rb b/actionpack/lib/action_dispatch/request/utils.rb index a8151a8224..bb3df3c311 100644 --- a/actionpack/lib/action_dispatch/request/utils.rb +++ b/actionpack/lib/action_dispatch/request/utils.rb @@ -13,6 +13,21 @@ module ActionDispatch end end + def self.check_param_encoding(params) + case params + when Array + params.each { |element| check_param_encoding(element) } + when Hash + params.each_value { |value| check_param_encoding(value) } + when String + unless params.valid_encoding? + # Raise Rack::Utils::InvalidParameterError for consistency with Rack. + # ActionDispatch::Request#GET will re-raise as a BadRequest error. + raise Rack::Utils::InvalidParameterError, "Non UTF-8 value: #{params}" + end + end + end + class ParamEncoder # :nodoc: # Convert nested Hash to HashWithIndifferentAccess. # |