diff options
| author | Andrew White <andyw@pixeltrix.co.uk> | 2012-05-20 10:04:12 +0100 |
|---|---|---|
| committer | Andrew White <andyw@pixeltrix.co.uk> | 2012-05-20 19:07:04 +0100 |
| commit | 66eb3f02cc0894f08c4f912ba8bf6fb1f87e9a4a (patch) | |
| tree | ce416e619f911d542845eb1fe787f7d5f02cf593 /actionpack/lib/action_dispatch | |
| parent | 972376a9952ce3a1cb1babb9e408900d314ac577 (diff) | |
| download | rails-66eb3f02cc0894f08c4f912ba8bf6fb1f87e9a4a.tar.gz rails-66eb3f02cc0894f08c4f912ba8bf6fb1f87e9a4a.tar.bz2 rails-66eb3f02cc0894f08c4f912ba8bf6fb1f87e9a4a.zip | |
Raise ActionController::BadRequest for malformed parameter hashes.
Currently Rack raises a TypeError when it encounters a malformed or
ambiguous hash like `foo[]=bar&foo[4]=bar`. Rather than pass this
through to the application this commit captures the exception and
re-raises it using a new ActionController::BadRequest exception.
The new ActionController::BadRequest exception returns a 400 error
instead of the 500 error that would've been returned by the original
TypeError. This allows exception notification libraries to ignore
these errors if so desired.
Closes #3051
Diffstat (limited to 'actionpack/lib/action_dispatch')
| -rw-r--r-- | actionpack/lib/action_dispatch/http/request.rb | 13 | ||||
| -rw-r--r-- | actionpack/lib/action_dispatch/middleware/exception_wrapper.rb | 3 |
2 files changed, 12 insertions, 4 deletions
diff --git a/actionpack/lib/action_dispatch/http/request.rb b/actionpack/lib/action_dispatch/http/request.rb index 56908b5794..aa5ba3e8a5 100644 --- a/actionpack/lib/action_dispatch/http/request.rb +++ b/actionpack/lib/action_dispatch/http/request.rb @@ -231,17 +231,24 @@ module ActionDispatch # Override Rack's GET method to support indifferent access def GET - @env["action_dispatch.request.query_parameters"] ||= (normalize_parameters(super) || {}) + begin + @env["action_dispatch.request.query_parameters"] ||= (normalize_parameters(super) || {}) + rescue TypeError => e + raise ActionController::BadRequest, "Invalid query parameters: #{e.message}" + end end alias :query_parameters :GET # Override Rack's POST method to support indifferent access def POST - @env["action_dispatch.request.request_parameters"] ||= (normalize_parameters(super) || {}) + begin + @env["action_dispatch.request.request_parameters"] ||= (normalize_parameters(super) || {}) + rescue TypeError => e + raise ActionController::BadRequest, "Invalid request parameters: #{e.message}" + end end alias :request_parameters :POST - # Returns the authorization header regardless of whether it was specified directly or through one of the # proxy alternatives. def authorization diff --git a/actionpack/lib/action_dispatch/middleware/exception_wrapper.rb b/actionpack/lib/action_dispatch/middleware/exception_wrapper.rb index a8f49bd3bd..7349b578d2 100644 --- a/actionpack/lib/action_dispatch/middleware/exception_wrapper.rb +++ b/actionpack/lib/action_dispatch/middleware/exception_wrapper.rb @@ -12,7 +12,8 @@ module ActionDispatch 'ActionController::MethodNotAllowed' => :method_not_allowed, 'ActionController::NotImplemented' => :not_implemented, 'ActionController::UnknownFormat' => :not_acceptable, - 'ActionController::InvalidAuthenticityToken' => :unprocessable_entity + 'ActionController::InvalidAuthenticityToken' => :unprocessable_entity, + 'ActionController::BadRequest' => :bad_request ) cattr_accessor :rescue_templates |