Raise ActionController::BadRequest for malformed parameter hashes.

Currently Rack raises a TypeError when it encounters a malformed or
ambiguous hash like `foo[]=bar&foo[4]=bar`. Rather than pass this
through to the application this commit captures the exception and
re-raises it using a new ActionController::BadRequest exception.

The new ActionController::BadRequest exception returns a 400 error
instead of the 500 error that would've been returned by the original
TypeError. This allows exception notification libraries to ignore
these errors if so desired.

Closes #3051

4 files changed, 29 insertions, 1 deletions

diff --git a/actionpack/test/dispatch/debug_exceptions_test.rb b/actionpack/test/dispatch/debug_exceptions_test.rb
index 11c292d61a..6ff651ad52 100644
--- a/actionpack/test/dispatch/debug_exceptions_test.rb
+++ b/actionpack/test/dispatch/debug_exceptions_test.rb
@@ -35,6 +35,8 @@ class DebugExceptionsTest < ActionDispatch::IntegrationTest
         raise ActionController::InvalidAuthenticityToken
       when "/not_found_original_exception"
         raise ActionView::Template::Error.new('template', AbstractController::ActionNotFound.new)
+      when "/bad_request"
+        raise ActionController::BadRequest
       else
         raise "puke!"
       end
@@ -88,6 +90,10 @@ class DebugExceptionsTest < ActionDispatch::IntegrationTest
     get "/method_not_allowed", {}, {'action_dispatch.show_exceptions' => true}
     assert_response 405
     assert_match(/ActionController::MethodNotAllowed/, body)
+
+    get "/bad_request", {}, {'action_dispatch.show_exceptions' => true}
+    assert_response 400
+    assert_match(/ActionController::BadRequest/, body)
   end
 
   test "does not show filtered parameters" do
diff --git a/actionpack/test/dispatch/request/query_string_parsing_test.rb b/actionpack/test/dispatch/request/query_string_parsing_test.rb
index d14f188e30..c3f009ab15 100644
--- a/actionpack/test/dispatch/request/query_string_parsing_test.rb
+++ b/actionpack/test/dispatch/request/query_string_parsing_test.rb
@@ -105,6 +105,17 @@ class QueryStringParsingTest < ActionDispatch::IntegrationTest
     )
   end
 
+  test "ambiguous query string returns a bad request" do
+    with_routing do |set|
+      set.draw do
+        get ':action', :to => ::QueryStringParsingTest::TestController
+      end
+
+      get "/parse", nil, "QUERY_STRING" => "foo[]=bar&foo[4]=bar"
+      assert_response :bad_request
+    end
+  end
+
   private
     def assert_parses(expected, actual)
       with_routing do |set|
diff --git a/actionpack/test/dispatch/request/url_encoded_params_parsing_test.rb b/actionpack/test/dispatch/request/url_encoded_params_parsing_test.rb
index 568e220b15..e9b59f55a7 100644
--- a/actionpack/test/dispatch/request/url_encoded_params_parsing_test.rb
+++ b/actionpack/test/dispatch/request/url_encoded_params_parsing_test.rb
@@ -126,6 +126,17 @@ class UrlEncodedParamsParsingTest < ActionDispatch::IntegrationTest
     assert_parses expected, query
   end
 
+  test "ambiguous params returns a bad request" do
+    with_routing do |set|
+      set.draw do
+        post ':action', :to => ::UrlEncodedParamsParsingTest::TestController
+      end
+
+      post "/parse", "foo[]=bar&foo[4]=bar"
+      assert_response :bad_request
+    end
+  end
+
   private
     def with_test_routing
       with_routing do |set|
diff --git a/actionpack/test/dispatch/request_test.rb b/actionpack/test/dispatch/request_test.rb
index 94d0e09842..54fc1b208d 100644
--- a/actionpack/test/dispatch/request_test.rb
+++ b/actionpack/test/dispatch/request_test.rb
@@ -561,7 +561,7 @@ class RequestTest < ActiveSupport::TestCase
     begin
       request = stub_request(mock_rack_env)
       request.parameters
-    rescue TypeError
+    rescue ActionController::BadRequest
       # rack will raise a TypeError when parsing this query string
     end
     assert_equal({}, request.parameters)