| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
[Gannon McGibbon + Josh Cheek]
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit changes the behavior such the path_params now default to
UTF8 just like regular parameters. This also changes the behavior such
that if a path parameter contains invalid UTF8 it returns a 400 bad
request. Previously the behavior was to encode the path params as binary
but that's not the same as query params.
So this commit makes path params behave the same as query params.
It's important to test with a path that's encoded as binary because
that's how paths are encoded from the socket. The test that was altered
was changed to make the behavior for bad encoding the same as query
params. We want to treat path params the same as query params. The params
in the test are invalid UTF8 so they should return a bad request.
Fixes #29669
*Eileen M. Uchitelle, Aaron Patterson, & Tsukuru Tanimichi*
|
| |
|
|
|
|
|
| |
This reverts commit 3420a14590c0e6915d8b6c242887f74adb4120f9, reversing
changes made to afb66a5a598ce4ac74ad84b125a5abf046dcf5aa.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When you have a route that points to an nonexistent controller we raise
an exception.
This exception was being caught by the DebugExceptions middleware in
development, but when trying to render the error page, we are reading
the request format[[1][]]. To determine the request format we are reading
the format parameters[[2][]], and to be able to read the parameters we need
to encode them[[3][]]. This was raising another exception that to encode the
parameter we try to load the controller to determine if we need to
encode the parameters are binary[[4][]]. This new exception inside the
DebugExceptions middleware makes Rails to render a generic error page.
To avoid this new exception now we only encode the parameters when the
controller can be loaded.
Fixes #28892
[1]: https://github.com/rails/rails/blob/f52cdaac6336f99d13622ff9bda556a3124a4121/actionpack/lib/action_dispatch/middleware/debug_exceptions.rb#L80
[2]: https://github.com/rails/rails/blob/f52cdaac6336f99d13622ff9bda556a3124a4121/actionpack/lib/action_dispatch/http/mime_negotiation.rb#L63
[3]: https://github.com/rails/rails/blob/f52cdaac6336f99d13622ff9bda556a3124a4121/actionpack/lib/action_dispatch/http/parameters.rb#L58
[4]: https://github.com/rails/rails/blob/f52cdaac6336f99d13622ff9bda556a3124a4121/actionpack/lib/action_dispatch/http/parameters.rb#L88
|
|
|
|
| |
Fixes #28525
|
| |
|
| |
|
|
|
|
|
|
|
| |
It is the proper way to configure custom parameters parser and it was
being recommended in the deprecation for ActionDispatch::ParamsParser.
[ci skip]
|
|
|
|
|
|
|
|
| |
This commit changes `parameter_encoding` to `skip_parameter_encoding`.
`skip_parameter_encoding` will set encoding on all parameters to
ASCII-8BIT for a given action on a particular controller. This allows
the controller to handle data when the encoding of that data is unknown,
for example file systems or truly binary parameters.
|
|
|
|
|
|
| |
ActionDispatch::ParamsParser class was removed in favor of
ActionDispatch::Http::Parameters so it is better to move the error
constant to the new class.
|
|
|
|
|
|
|
|
| |
Style/SpaceBeforeBlockBraces
Style/SpaceInsideBlockBraces
Style/SpaceInsideHashLiteralBraces
Fix all violations in the repository.
|
| |
|
|
|
|
|
| |
At GitHub we need to handle parameter encodings that are not UTF-8. This
patch allows us to specify encodings per parameter per action.
|
| |
|
| |
|
|
|
|
|
| |
The current code base is not uniform. After some discussion,
we have chosen to go with double quotes by default.
|
| |
|
|
|
|
|
|
|
|
| |
Check for any non-UTF8 characters in path parameters at the point they're
set in `env`. Previously they were checked for when used to get a controller
class, but this meant routes that went directly to a Rack app, or skipped
controller instantiation for some other reason, had to defend against
non-UTF8 characters themselves.
|
|
|
|
|
| |
This will keep our current API working without having the users to
change their codebases.
|
|
|
|
|
|
| |
After registering new `:json` mime type `parsers.fetch` can't find the mime type because new mime type is not equal to old one. Using symbol of the mime type as key on parsers hash solves the problem.
Closes #23766
|
|
|
|
| |
Callers expect to be able to manipulate it.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rails 4.x and earlier didn't support `Mime::Type[:FOO]`, so libraries
that support multiple Rails versions would've had to feature-detect
whether to use `Mime::Type[:FOO]` or `Mime::FOO`.
`Mime[:foo]` has been around for ages to look up registered MIME types
by symbol / extension, though, so libraries and plugins can safely
switch to that without breaking backward- or forward-compatibility.
Note: `Mime::ALL` isn't a real MIME type and isn't registered for lookup
by type or extension, so it's not available as `Mime[:all]`. We use it
internally as a wildcard for `respond_to` negotiation. If you use this
internal constant, continue to reference it with `Mime::ALL`.
Ref. efc6dd550ee49e7e443f9d72785caa0f240def53
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We don't want to manage a list of constants on `Mime::`. Managing
constants is strange because it will break method caches, not to mention
looking up by a constant could cause troubles. For example suppose
there is a top level constant `HTML`, but nobody registers the HTML mime
type and someone accesses `Mime::HTML`. Instead of getting an error
about how the mime type doesn't exist, instead you'll get the top level
constant.
So, instead of directly accessing the constants, change this:
Mime::HTML
To this:
Mime::Type[:HTML]
|
|
|
|
|
| |
This is an instance method on the request object now so we don't need it
anymore
|
|
|
|
|
|
|
|
| |
The middleware stack is a singleton in the application (one instance is
shared for the entire application) which means that there was only one
opportunity to set the parameter parsers. Since there is only one set
of parameter parsers in an app, lets just configure them on the request
class (since that is where they are used).
|
|
|
|
|
|
|
|
| |
Cleanup for `ActionDispatch::Http::Parameters` - no need for required libraries
and remove not used private method.
Apparently this method was used in `ActionDispatch::Http::Request` - fixed
by calling `Request::Utils` explicitly (as was done in other parts of the codebase)
|
| |
|
|
|
|
| |
we'll refactor deep munge mostly out of existence shortly
|
|
|
|
|
| |
this just pushes the conditional in to the case / when so we can switch
to method dispatch later
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch uniformizes warning messages. I used the most common style
already present in the code base:
* Capitalize the first word.
* End the message with a full stop.
* "Rails 5" instead of "Rails 5.0".
* Backticks for method names and inline code.
Also, converted a few long strings into the new heredoc convention.
|
|\
| |
| | |
This updates rails to use edge rack
|
| |
| |
| |
| | |
https://github.com/rack/rack/commit/5a5aee36
|
| |
| |
| |
| | |
This pull request is a continuation of https://github.com/rails/rails/commit/925bd975 and https://github.com/rails/rails/commit/8d8ebe3d.
|
|\ \
| | |
| | | |
Remove duplicated HashWithIndifferentAccess#with_indifferent_access.
|
| | | |
|
| | | |
|
| | | |
|
|/ / |
|
| | |
|
| |
| |
| |
| | |
It was changed by mistake at c5d64b2b86aa42f57881091491ee289b3c489c7e.
|
|/
|
|
|
|
|
|
|
|
|
| |
so tht I don't go totally insane with THsi crazy hash driven
development. why is Everything a hash? Why do people think hashes in
hashes with random keys is a Good API? You can't find things or
deprecate them or control access whatsoever, you just have to hope that
everyone is like "oh, you want to change that? that's cool! we all know
it's hashes so go for it!"
The End.
|
| |
|
|
|
|
|
|
| |
statement for it
Refactor of the work done in #11891
|
|
|
|
| |
(ActionDispatch::Http::Parameters#normalize_encode_params)
|
| |
|