diff options
| author | Aaron Patterson <aaron.patterson@gmail.com> | 2012-05-30 15:13:03 -0700 |
|---|---|---|
| committer | Aaron Patterson <aaron.patterson@gmail.com> | 2012-05-30 15:13:03 -0700 |
| commit | 060c91cd59ab86583a8f2f52142960d3433f62f5 (patch) | |
| tree | dc9b28cc7d37ad280a5a582dbddb19eaf42407f1 /actionpack/test/dispatch/request | |
| parent | 9340f89849606dba02f44038171f3837f883fd4e (diff) | |
| download | rails-060c91cd59ab86583a8f2f52142960d3433f62f5.tar.gz rails-060c91cd59ab86583a8f2f52142960d3433f62f5.tar.bz2 rails-060c91cd59ab86583a8f2f52142960d3433f62f5.zip | |
Strip [nil] from parameters hash.
Thanks to Ben Murphy for reporting this!
CVE-2012-2660
Diffstat (limited to 'actionpack/test/dispatch/request')
| -rw-r--r-- | actionpack/test/dispatch/request/query_string_parsing_test.rb | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/actionpack/test/dispatch/request/query_string_parsing_test.rb b/actionpack/test/dispatch/request/query_string_parsing_test.rb index c3f009ab15..6ea66f9d32 100644 --- a/actionpack/test/dispatch/request/query_string_parsing_test.rb +++ b/actionpack/test/dispatch/request/query_string_parsing_test.rb @@ -81,7 +81,12 @@ class QueryStringParsingTest < ActionDispatch::IntegrationTest end test "query string without equal" do - assert_parses({ "action" => nil }, "action") + assert_parses({"action" => nil}, "action") + assert_parses({"action" => {"foo" => nil}}, "action[foo]") + assert_parses({"action" => {"foo" => { "bar" => nil }}}, "action[foo][bar]") + assert_parses({"action" => {"foo" => { "bar" => nil }}}, "action[foo][bar][]") + assert_parses({"action" => {"foo" => nil}}, "action[foo][]") + assert_parses({"action"=>{"foo"=>[{"bar"=>nil}]}}, "action[foo][][bar]") end test "query string with empty key" do |