aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_dispatch/request
diff options
context:
space:
mode:
authorGrey Baker <greysteil@gmail.com>2015-10-18 19:27:54 +0100
committerGrey Baker <greysteil@gmail.com>2015-10-23 14:56:47 +0100
commit59ab2d1ee5995d9ea27ca60e92576518c1898c59 (patch)
tree5bbae87d4879f32c6914607d261a05bcdef7a77a /actionpack/lib/action_dispatch/request
parent6f62ace65a720f515da82f5fc5f3e7eab1df8658 (diff)
downloadrails-59ab2d1ee5995d9ea27ca60e92576518c1898c59.tar.gz
rails-59ab2d1ee5995d9ea27ca60e92576518c1898c59.tar.bz2
rails-59ab2d1ee5995d9ea27ca60e92576518c1898c59.zip
Catch invalid UTF-8 querystring values and respond with BadRequest
Diffstat (limited to 'actionpack/lib/action_dispatch/request')
-rw-r--r--actionpack/lib/action_dispatch/request/utils.rb15
1 files changed, 15 insertions, 0 deletions
diff --git a/actionpack/lib/action_dispatch/request/utils.rb b/actionpack/lib/action_dispatch/request/utils.rb
index a8151a8224..bb3df3c311 100644
--- a/actionpack/lib/action_dispatch/request/utils.rb
+++ b/actionpack/lib/action_dispatch/request/utils.rb
@@ -13,6 +13,21 @@ module ActionDispatch
end
end
+ def self.check_param_encoding(params)
+ case params
+ when Array
+ params.each { |element| check_param_encoding(element) }
+ when Hash
+ params.each_value { |value| check_param_encoding(value) }
+ when String
+ unless params.valid_encoding?
+ # Raise Rack::Utils::InvalidParameterError for consistency with Rack.
+ # ActionDispatch::Request#GET will re-raise as a BadRequest error.
+ raise Rack::Utils::InvalidParameterError, "Non UTF-8 value: #{params}"
+ end
+ end
+ end
+
class ParamEncoder # :nodoc:
# Convert nested Hash to HashWithIndifferentAccess.
#
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-08 15:47:00 +0000