From 50f333b203756009acff2457b6d1c9da3b532cad Mon Sep 17 00:00:00 2001 From: David Heinemeier Hansson Date: Wed, 1 Dec 2004 12:57:16 +0000 Subject: Added graceful handling of non-alphanumeric names and misplaced brackets in input parameters [bitsweat] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@39 5ecf4fe2-1ee6-0310-87b1-e25e094e27de --- actionpack/CHANGELOG | 2 ++ .../lib/action_controller/cgi_ext/cgi_methods.rb | 30 +++++++++--------- actionpack/test/controller/cgi_test.rb | 36 ++++++++++++++++++++-- 3 files changed, 49 insertions(+), 19 deletions(-) diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG index eedef92916..e48b117bc7 100644 --- a/actionpack/CHANGELOG +++ b/actionpack/CHANGELOG @@ -1,5 +1,7 @@ *SVN* +* Added graceful handling of non-alphanumeric names and misplaced brackets in input parameters [bitsweat] + * Added a new container for cookies that makes them more intuative to use. The old methods of cookie and @cookies have been deprecated. Examples for writing: diff --git a/actionpack/lib/action_controller/cgi_ext/cgi_methods.rb b/actionpack/lib/action_controller/cgi_ext/cgi_methods.rb index 261490580c..3736353b53 100755 --- a/actionpack/lib/action_controller/cgi_ext/cgi_methods.rb +++ b/actionpack/lib/action_controller/cgi_ext/cgi_methods.rb @@ -63,29 +63,27 @@ class CGIMethods #:nodoc: end end - def CGIMethods.get_levels(key_string) - return [] if key_string.nil? or key_string.empty? - - levels = [] - main, existance = /(\w+)(\[)?.?/.match(key_string).captures - levels << main - - unless existance.nil? - hash_part = key_string.sub(/\w+\[/, "") - hash_part.slice!(-1, 1) - levels += hash_part.split(/\]\[/) + PARAMS_HASH_RE = /^([^\[]+)(\[.*\])?(.)?.*$/ + def CGIMethods.get_levels(key) + all, main, bracketed, trailing = PARAMS_HASH_RE.match(key).to_a + if main.nil? + [] + elsif trailing + [key] + elsif bracketed + [main] + bracketed.slice(1...-1).split('][') + else + [main] end - - levels end - + def CGIMethods.build_deep_hash(value, hash, levels) if levels.length == 0 - value; + value elsif hash.nil? { levels.first => CGIMethods.build_deep_hash(value, nil, levels[1..-1]) } else hash.update({ levels.first => CGIMethods.build_deep_hash(value, hash[levels.first], levels[1..-1]) }) end end -end \ No newline at end of file +end diff --git a/actionpack/test/controller/cgi_test.rb b/actionpack/test/controller/cgi_test.rb index 46e24ab403..2cee763491 100755 --- a/actionpack/test/controller/cgi_test.rb +++ b/actionpack/test/controller/cgi_test.rb @@ -133,10 +133,40 @@ class CGITest < Test::Unit::TestCase end def test_parse_params_with_array - input = { "selected[]" => [ "1", "2", "3" ] } + input = { "selected[]" => [ "1", "2", "3" ] } - expected_output = { "selected" => [ "1", "2", "3" ] } + expected_output = { "selected" => [ "1", "2", "3" ] } - assert_equal expected_output, CGIMethods.parse_request_parameters(input) + assert_equal expected_output, CGIMethods.parse_request_parameters(input) + end + + def test_parse_params_with_non_alphanumeric_name + input = { "a/b[c]" => %w(d) } + expected = { "a/b" => { "c" => "d" }} + assert_equal expected, CGIMethods.parse_request_parameters(input) + end + + def test_parse_params_with_single_brackets_in_middle + input = { "a/b[c]d" => %w(e) } + expected = { "a/b[c]d" => "e" } + assert_equal expected, CGIMethods.parse_request_parameters(input) + end + + def test_parse_params_with_separated_brackets + input = { "a/b@[c]d[e]" => %w(f) } + expected = { "a/b@" => { "c]d[e" => "f" }} + assert_equal expected, CGIMethods.parse_request_parameters(input) + end + + def test_parse_params_with_separated_brackets_and_array + input = { "a/b@[c]d[e][]" => %w(f) } + expected = { "a/b@" => { "c]d[e" => ["f"] }} + assert_equal expected , CGIMethods.parse_request_parameters(input) + end + + def test_parse_params_with_unmatched_brackets_and_array + input = { "a/b@[c][d[e][]" => %w(f) } + expected = { "a/b@" => { "c" => { "d[e" => ["f"] }}} + assert_equal expected, CGIMethods.parse_request_parameters(input) end end -- cgit v1.2.3