diff options
| author | Simone Carletti <weppos@weppos.net> | 2019-07-26 21:27:32 +0200 |
|---|---|---|
| committer | Rafael França <rafael@franca.dev> | 2019-07-26 15:27:32 -0400 |
| commit | 6ea09841f26bd3f247706641e635ac853265f62a (patch) | |
| tree | deca3f5045c2a6f623745c86b2dbac60e377484a /actionpack | |
| parent | 0eff6956a55882817f67c8d471d32ed3e4b109ee (diff) | |
| download | rails-6ea09841f26bd3f247706641e635ac853265f62a.tar.gz rails-6ea09841f26bd3f247706641e635ac853265f62a.tar.bz2 rails-6ea09841f26bd3f247706641e635ac853265f62a.zip | |
Fix error 500 caused by ActionController::RoutingError (via fail-safe) when POST parameters are invalid (#29985)
* Reproduce error caused by malformed parameters
Error:
RequestFormat#test_format_does_not_throw_exceptions_when_invalid_POST_parameters:
ActionDispatch::Http::Parameters::ParseError: 765: unexpected token at '{record:{content:24.12.1.146}}'
/Users/weppos/Mirrors/rails/actionpack/lib/action_dispatch/http/parameters.rb:113:in `rescue in parse_formatted_parameters'
/Users/weppos/Mirrors/rails/actionpack/lib/action_dispatch/http/parameters.rb:107:in `parse_formatted_parameters'
/Users/weppos/Mirrors/rails/actionpack/lib/action_dispatch/http/request.rb:360:in `block in POST'
/Users/weppos/.rvm/gems/ruby-2.3.3/gems/rack-2.0.3/lib/rack/request.rb:57:in `fetch'
/Users/weppos/.rvm/gems/ruby-2.3.3/gems/rack-2.0.3/lib/rack/request.rb:57:in `fetch_header'
/Users/weppos/Mirrors/rails/actionpack/lib/action_dispatch/http/request.rb:359:in `POST'
/Users/weppos/Mirrors/rails/actionpack/lib/action_dispatch/http/parameters.rb:53:in `parameters'
/Users/weppos/Mirrors/rails/actionpack/lib/action_dispatch/http/mime_negotiation.rb:62:in `block in formats'
/Users/weppos/.rvm/gems/ruby-2.3.3/gems/rack-2.0.3/lib/rack/request.rb:57:in `fetch'
/Users/weppos/.rvm/gems/ruby-2.3.3/gems/rack-2.0.3/lib/rack/request.rb:57:in `fetch_header'
/Users/weppos/Mirrors/rails/actionpack/lib/action_dispatch/http/mime_negotiation.rb:60:in `formats'
/Users/weppos/Mirrors/rails/actionpack/test/dispatch/request_test.rb:891:in `block in <class:RequestFormat>'
See GH-29983
* Capture parameter parsing error output and test it
This change prevents the log to be displayed in the tests.
Moreover, the assertion against the debug ensures that
the test effectively triggers the parsing error as expected.
* Use a generic value in the test
* Switch to assert_match
[Simone Carletti + Rafael Mendonça França]
Diffstat (limited to 'actionpack')
| -rw-r--r-- | actionpack/test/dispatch/request_test.rb | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/actionpack/test/dispatch/request_test.rb b/actionpack/test/dispatch/request_test.rb index 0ec8dd25e0..c4cb27429d 100644 --- a/actionpack/test/dispatch/request_test.rb +++ b/actionpack/test/dispatch/request_test.rb @@ -865,12 +865,28 @@ class RequestFormat < BaseRequestTest assert_not_predicate request.format, :json? end - test "format does not throw exceptions when malformed parameters" do + test "format does not throw exceptions when malformed GET parameters" do request = stub_request("QUERY_STRING" => "x[y]=1&x[y][][w]=2") assert request.formats assert_predicate request.format, :html? end + test "format does not throw exceptions when invalid POST parameters" do + body = "{record:{content:127.0.0.1}}" + request = stub_request( + "REQUEST_METHOD" => "POST", + "CONTENT_LENGTH" => body.length, + "CONTENT_TYPE" => "application/json", + "rack.input" => StringIO.new(body), + "action_dispatch.logger" => Logger.new(output = StringIO.new) + ) + assert request.formats + assert request.format.html? + + output.rewind && (err = output.read) + assert_match /Error occurred while parsing request parameters/, err + end + test "formats with xhr request" do request = stub_request "HTTP_X_REQUESTED_WITH" => "XMLHttpRequest", "QUERY_STRING" => "" |