author | Andrew White <andyw@pixeltrix.co.uk> | 2012-05-20 16:44:42 +0100 |
---|---|---|
committer | Andrew White <andyw@pixeltrix.co.uk> | 2012-05-20 19:07:04 +0100 |
commit | 3fc561a1f71edf1c2bae695cafa03909d24a5ca3 (patch) | |
tree | cd99e00314ff93e8b8c28d88677c7bd312ffd9de /actionpack/test | |
parent | 66eb3f02cc0894f08c4f912ba8bf6fb1f87e9a4a (diff) | |
Return 400 Bad Request for URL paths with invalid encoding.
Passing path parameters with invalid encoding is likely to trigger errors
further on like `ArgumentError (invalid byte sequence in UTF-8)`. This will
result in a 500 error whereas the better error to return is a 400 error which
allows exception notification libraries to filter it out if they wish.
Closes #4450
Diffstat (limited to 'actionpack/test')
-rw-r--r-- | actionpack/test/dispatch/routing_test.rb | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/actionpack/test/dispatch/routing_test.rb b/actionpack/test/dispatch/routing_test.rb index 1a8f40037f..00d09282ca 100644 --- a/actionpack/test/dispatch/routing_test.rb +++ b/actionpack/test/dispatch/routing_test.rb @@ -2697,3 +2697,34 @@ class TestUrlConstraints < ActionDispatch::IntegrationTest assert_response :success end end + +class TestInvalidUrls < ActionDispatch::IntegrationTest + class FooController < ActionController::Base + def show + render :text => "foo#show" + end + end + + test "invalid UTF-8 encoding returns a 400 Bad Request" do + with_routing do |set| + set.draw do + get "/bar/:id", :to => redirect("/foo/show/%{id}") + get "/foo/show(/:id)", :to => "test_invalid_urls/foo#show" + get "/foo(/:action(/:id))", :to => "test_invalid_urls/foo" + get "/:controller(/:action(/:id))" + end + + get "/%E2%EF%BF%BD%A6" + assert_response :bad_request + + get "/foo/%E2%EF%BF%BD%A6" + assert_response :bad_request + + get "/foo/show/%E2%EF%BF%BD%A6" + assert_response :bad_request + + get "/bar/%E2%EF%BF%BD%A6" + assert_response :bad_request + end + end +end
\ No newline at end of file |
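Review bot: The new `TestInvalidUrls` test has no control request with a validly percent-encoded path, and all four `get` calls send the same byte sequence `%E2%EF%BF%BD%A6`, so it would still pass if the router answered 400 for every percent-encoded path. Add at least one request with well-formed UTF-8 in the `:id` segment of `/foo/show(/:id)` and assert `:success`, so the test pins the rejection to invalid encoding rather than to encoded input in general. The four assertions also share one test block, which means a failure on the first route hides the result for the other three; one test per route (root, `/foo/...`, `/foo/show/...`, and the `/bar/:id` redirect) would show which route regressed. Finally, the file now ends without a trailing newline; add one after the closing `end`.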