2 files changed, 18 insertions, 0 deletions

diff --git a/actionpack/lib/action_dispatch/routing/redirection.rb b/actionpack/lib/action_dispatch/routing/redirection.rb
index b3823bb496..205ff44b1c 100644
--- a/actionpack/lib/action_dispatch/routing/redirection.rb
+++ b/actionpack/lib/action_dispatch/routing/redirection.rb
@@ -2,6 +2,7 @@ require 'action_dispatch/http/request'
 require 'active_support/core_ext/uri'
 require 'active_support/core_ext/array/extract_options'
 require 'rack/utils'
+require 'action_controller/metal/exceptions'
 
 module ActionDispatch
   module Routing
@@ -16,6 +17,14 @@ module ActionDispatch
       def call(env)
         req = Request.new(env)
 
+        # If any of the path parameters has a invalid encoding then
+        # raise since it's likely to trigger errors further on.
+        req.symbolized_path_parameters.each do |key, value|
+          unless value.valid_encoding?
+            raise ActionController::BadRequest, "Invalid parameter: #{key} => #{value}"
+          end
+        end
+
         uri = URI.parse(path(req.symbolized_path_parameters, req))
         uri.scheme ||= req.scheme
         uri.host   ||= req.host
diff --git a/actionpack/lib/action_dispatch/routing/route_set.rb b/actionpack/lib/action_dispatch/routing/route_set.rb
index 0ae668d42a..1d0a67d0d2 100644
--- a/actionpack/lib/action_dispatch/routing/route_set.rb
+++ b/actionpack/lib/action_dispatch/routing/route_set.rb
@@ -26,6 +26,15 @@ module ActionDispatch
 
         def call(env)
           params = env[PARAMETERS_KEY]
+
+          # If any of the path parameters has a invalid encoding then
+          # raise since it's likely to trigger errors further on.
+          params.each do |key, value|
+            unless value.valid_encoding?
+              raise ActionController::BadRequest, "Invalid parameter: #{key} => #{value}"
+            end
+          end
+
           prepare_params!(params)
 
           # Just raise undefined constant errors if a controller was specified as default.