Allow rescue from parameter parse errors

[Gannon McGibbon + Josh Cheek]
author: Gannon McGibbon <gannon.mcgibbon@gmail.com> 2018-10-29 13:45:26 -0400
committer: Gannon McGibbon <gannon.mcgibbon@gmail.com> 2018-11-13 18:05:05 -0500
commit: 6b3faf8e502dbd238fe4b4c409e96308638297a1 (patch)
tree: e3257a024cdc9cacf79f4d6e38b4531ecca38da9 /actionpack/lib
parent: 0b75743e345f98d3f53f5a29fcd0e91d2a370a24 (diff)
download: rails-6b3faf8e502dbd238fe4b4c409e96308638297a1.tar.gz
rails-6b3faf8e502dbd238fe4b4c409e96308638297a1.tar.bz2
rails-6b3faf8e502dbd238fe4b4c409e96308638297a1.zip
5 files changed, 25 insertions, 8 deletions
diff --git a/actionpack/lib/action_controller/metal/params_wrapper.rb b/actionpack/lib/action_controller/metal/params_wrapper.rb
index a678377d4f..7361946de5 100644
--- a/actionpack/lib/action_controller/metal/params_wrapper.rb
+++ b/actionpack/lib/action_controller/metal/params_wrapper.rb
@@ -253,7 +253,10 @@ module ActionController
         # This will display the wrapped hash in the log file.
         request.filtered_parameters.merge! wrapped_filtered_hash
       end
-      super
+    ensure
+      # NOTE: Rescues all exceptions so they
+      # may be caught in ActionController::Rescue.
+      return super
     end
 
     private
diff --git a/actionpack/lib/action_dispatch/http/filter_parameters.rb b/actionpack/lib/action_dispatch/http/filter_parameters.rb
index 9f8f178402..cbb772175c 100644
--- a/actionpack/lib/action_dispatch/http/filter_parameters.rb
+++ b/actionpack/lib/action_dispatch/http/filter_parameters.rb
@@ -41,6 +41,8 @@ module ActionDispatch
       # Returns a hash of parameters with all sensitive data replaced.
       def filtered_parameters
         @filtered_parameters ||= parameter_filter.filter(parameters)
+      rescue ActionDispatch::Http::Parameters::ParseError
+        @filtered_parameters = {}
       end
 
       # Returns a hash of request.env with all sensitive data replaced.
diff --git a/actionpack/lib/action_dispatch/http/mime_negotiation.rb b/actionpack/lib/action_dispatch/http/mime_negotiation.rb
index be129965d1..498b1e6695 100644
--- a/actionpack/lib/action_dispatch/http/mime_negotiation.rb
+++ b/actionpack/lib/action_dispatch/http/mime_negotiation.rb
@@ -7,6 +7,11 @@ module ActionDispatch
     module MimeNegotiation
       extend ActiveSupport::Concern
 
+      RESCUABLE_MIME_FORMAT_ERRORS = [
+        ActionController::BadRequest,
+        ActionDispatch::Http::Parameters::ParseError,
+      ]
+
       included do
         mattr_accessor :ignore_accept_header, default: false
       end
@@ -59,7 +64,7 @@ module ActionDispatch
         fetch_header("action_dispatch.request.formats") do |k|
           params_readable = begin
                               parameters[:format]
-                            rescue ActionController::BadRequest
+                            rescue *RESCUABLE_MIME_FORMAT_ERRORS
                               false
                             end
 
diff --git a/actionpack/lib/action_dispatch/http/parameters.rb b/actionpack/lib/action_dispatch/http/parameters.rb
index 8d7431fd6b..13d0963a33 100644
--- a/actionpack/lib/action_dispatch/http/parameters.rb
+++ b/actionpack/lib/action_dispatch/http/parameters.rb
@@ -111,13 +111,23 @@ module ActionDispatch
           begin
             strategy.call(raw_post)
           rescue # JSON or Ruby code block errors.
-            my_logger = logger || ActiveSupport::Logger.new($stderr)
-            my_logger.debug "Error occurred while parsing request parameters.\nContents:\n\n#{raw_post}"
-
+            log_parse_error_once
             raise ParseError
           end
         end
 
+        def log_parse_error_once
+          @parse_error_logged ||= begin
+            parse_logger = logger || ActiveSupport::Logger.new($stderr)
+            parse_logger.debug <<~MSG.chomp
+              Error occurred while parsing request parameters.
+              Contents:
+
+              #{raw_post}
+            MSG
+          end
+        end
+
         def params_parsers
           ActionDispatch::Request.parameter_parsers
         end
diff --git a/actionpack/lib/action_dispatch/http/request.rb b/actionpack/lib/action_dispatch/http/request.rb
index 7bc364d370..44f23940d3 100644
--- a/actionpack/lib/action_dispatch/http/request.rb
+++ b/actionpack/lib/action_dispatch/http/request.rb
@@ -383,9 +383,6 @@ module ActionDispatch
         end
         self.request_parameters = Request::Utils.normalize_encode_params(pr)
       end
-    rescue Http::Parameters::ParseError # one of the parse strategies blew up
-      self.request_parameters = Request::Utils.normalize_encode_params(super || {})
-      raise
     rescue Rack::Utils::ParameterTypeError, Rack::Utils::InvalidParameterError => e
       raise ActionController::BadRequest.new("Invalid request parameters: #{e.message}")
     end
author	Gannon McGibbon <gannon.mcgibbon@gmail.com>	2018-10-29 13:45:26 -0400
committer	Gannon McGibbon <gannon.mcgibbon@gmail.com>	2018-11-13 18:05:05 -0500
commit	6b3faf8e502dbd238fe4b4c409e96308638297a1 (patch)
tree	e3257a024cdc9cacf79f4d6e38b4531ecca38da9 /actionpack/lib
parent	0b75743e345f98d3f53f5a29fcd0e91d2a370a24 (diff)
download	rails-6b3faf8e502dbd238fe4b4c409e96308638297a1.tar.gz rails-6b3faf8e502dbd238fe4b4c409e96308638297a1.tar.bz2 rails-6b3faf8e502dbd238fe4b4c409e96308638297a1.zip