From d59a24d543b4fd34d453e8209caae5fef315ea78 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?=
 <rafaelmfranca@gmail.com>
Date: Tue, 19 Aug 2014 15:32:16 -0300
Subject: Protect against error when parsing parameters with Bad Request

Related with #11795.
---
 actionpack/lib/action_dispatch/http/request.rb     |  4 ++--
 actionpack/test/dispatch/request_test.rb           | 25 ++++++++++++++++++++++
 .../cache/strategy/local_cache_middleware.rb       |  3 +++
 3 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/actionpack/lib/action_dispatch/http/request.rb b/actionpack/lib/action_dispatch/http/request.rb
index 8c035c3c6c..f35289253b 100644
--- a/actionpack/lib/action_dispatch/http/request.rb
+++ b/actionpack/lib/action_dispatch/http/request.rb
@@ -292,7 +292,7 @@ module ActionDispatch
     # Override Rack's GET method to support indifferent access
     def GET
       @env["action_dispatch.request.query_parameters"] ||= Utils.deep_munge(normalize_encode_params(super || {}))
-    rescue TypeError => e
+    rescue TypeError, Rack::Utils::InvalidParameterError => e
       raise ActionController::BadRequest.new(:query, e)
     end
     alias :query_parameters :GET
@@ -300,7 +300,7 @@ module ActionDispatch
     # Override Rack's POST method to support indifferent access
     def POST
       @env["action_dispatch.request.request_parameters"] ||= Utils.deep_munge(normalize_encode_params(super || {}))
-    rescue TypeError => e
+    rescue TypeError, Rack::Utils::InvalidParameterError => e
       raise ActionController::BadRequest.new(:request, e)
     end
     alias :request_parameters :POST
diff --git a/actionpack/test/dispatch/request_test.rb b/actionpack/test/dispatch/request_test.rb
index fe9ee6f73d..84bd392fd9 100644
--- a/actionpack/test/dispatch/request_test.rb
+++ b/actionpack/test/dispatch/request_test.rb
@@ -909,6 +909,31 @@ class RequestParameters < BaseRequestTest
     end
   end
 
+  test "parameters not accessible after rack parse error of invalid UTF8 character" do
+    request = stub_request("QUERY_STRING" => "foo%81E=1")
+
+    2.times do
+      assert_raises(ActionController::BadRequest) do
+        # rack will raise a Rack::Utils::InvalidParameterError when parsing this query string
+        request.parameters
+      end
+    end
+  end
+
+  test "parameters not accessible after rack parse error 1" do
+    request = stub_request(
+      'REQUEST_METHOD' => 'POST',
+      'CONTENT_LENGTH' => "a%=".length,
+      'CONTENT_TYPE' => 'application/x-www-form-urlencoded; charset=utf-8',
+      'rack.input' => StringIO.new("a%=")
+    )
+
+    assert_raises(ActionController::BadRequest) do
+      # rack will raise a TypeError when parsing this query string
+      request.parameters
+    end
+  end
+
   test "we have access to the original exception" do
     request = stub_request("QUERY_STRING" => "x[y]=1&x[y][][w]=2")
 
diff --git a/activesupport/lib/active_support/cache/strategy/local_cache_middleware.rb b/activesupport/lib/active_support/cache/strategy/local_cache_middleware.rb
index 901c2e05a8..c55600a02d 100644
--- a/activesupport/lib/active_support/cache/strategy/local_cache_middleware.rb
+++ b/activesupport/lib/active_support/cache/strategy/local_cache_middleware.rb
@@ -28,6 +28,9 @@ module ActiveSupport
               LocalCacheRegistry.set_cache_for(local_cache_key, nil)
             end
             response
+          rescue Rack::Utils::InvalidParameterError
+            LocalCacheRegistry.set_cache_for(local_cache_key, nil)
+            [400, {}, []]
           rescue Exception
             LocalCacheRegistry.set_cache_for(local_cache_key, nil)
             raise
-- 
cgit v1.2.3