From b201474756a2ee493406ad0cb49f49c6873bdc28 Mon Sep 17 00:00:00 2001 From: Ryuta Kamizono Date: Sun, 7 May 2017 04:08:58 +0900 Subject: Should escape meta characters in regexp --- actionpack/test/dispatch/request_test.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'actionpack/test') diff --git a/actionpack/test/dispatch/request_test.rb b/actionpack/test/dispatch/request_test.rb index 2f9228a62d..28cbde028d 100644 --- a/actionpack/test/dispatch/request_test.rb +++ b/actionpack/test/dispatch/request_test.rb @@ -110,8 +110,8 @@ class RequestIP < BaseRequestTest request.remote_ip } assert_match(/IP spoofing attack/, e.message) - assert_match(/HTTP_X_FORWARDED_FOR="1.1.1.1"/, e.message) - assert_match(/HTTP_CLIENT_IP="2.2.2.2"/, e.message) + assert_match(/HTTP_X_FORWARDED_FOR="1\.1\.1\.1"/, e.message) + assert_match(/HTTP_CLIENT_IP="2\.2\.2\.2"/, e.message) end test "remote ip with spoof detection disabled" do -- cgit v1.2.3 From fb0fae9747ceec065e75867ea83afb713a5b449b Mon Sep 17 00:00:00 2001 From: Eugene Kenny Date: Wed, 10 May 2017 23:48:46 +0100 Subject: Pass block in ActionController::Parameters#delete In order to fully support the same interface as `Hash#delete`, we need to pass the block through to the underlying method, not just the key. This used to work correctly, but it regressed when `ActionController::Parameters` stopped inheriting from `Hash` in 5.0. --- .../test/controller/parameters/mutators_test.rb | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'actionpack/test') diff --git a/actionpack/test/controller/parameters/mutators_test.rb b/actionpack/test/controller/parameters/mutators_test.rb index e61bbdbe13..2c36f488c6 100644 --- a/actionpack/test/controller/parameters/mutators_test.rb +++ b/actionpack/test/controller/parameters/mutators_test.rb @@ -25,6 +25,27 @@ class ParametersMutatorsTest < ActiveSupport::TestCase assert_not @params.delete(:person).permitted? end + test "delete returns the value when the key is present" do + assert_equal "32", @params[:person].delete(:age) + end + + test "delete removes the entry when the key present" do + @params[:person].delete(:age) + assert_not @params[:person].key?(:age) + end + + test "delete returns nil when the key is not present" do + assert_equal nil, @params[:person].delete(:first_name) + end + + test "delete returns the value of the given block when the key is not present" do + assert_equal "David", @params[:person].delete(:first_name) { "David" } + end + + test "delete yields the key to the given block when the key is not present" do + assert_equal "first_name: David", @params[:person].delete(:first_name) { |k| "#{k}: David" } + end + test "delete_if retains permitted status" do @params.permit! assert @params.delete_if { |k| k == "person" }.permitted? -- cgit v1.2.3 From 8607c25ba7810573733d9b37d0015154ba059f5e Mon Sep 17 00:00:00 2001 From: eileencodes Date: Fri, 12 May 2017 14:12:40 -0400 Subject: Maintain original encoding from path When the path info is read from the socket it's encoded as ASCII 8BIT. The unescape method changes the encoding to UTF8 but it should maintain the encoding of the string that's passed in. This causes parameters to be force encoded to UTF8 when we don't actually know what the encoding of the parameter should be. --- actionpack/test/journey/router/utils_test.rb | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'actionpack/test') diff --git a/actionpack/test/journey/router/utils_test.rb b/actionpack/test/journey/router/utils_test.rb index b77bf6628a..74277a4325 100644 --- a/actionpack/test/journey/router/utils_test.rb +++ b/actionpack/test/journey/router/utils_test.rb @@ -31,6 +31,11 @@ module ActionDispatch def test_normalize_path_uppercase assert_equal "/foo%AAbar%AAbaz", Utils.normalize_path("/foo%aabar%aabaz") end + + def test_normalize_path_maintains_string_encoding + path = "/foo%AAbar%AAbaz".b + assert_equal Encoding::ASCII_8BIT, Utils.normalize_path(path).encoding + end end end end -- cgit v1.2.3 From e605921614c286ab2d6b4cafb655230a3d9b5fee Mon Sep 17 00:00:00 2001 From: "yuuji.yaginuma" Date: Tue, 16 May 2017 07:45:41 +0900 Subject: Fix `TestInvalidUrls` with rack 2.0.3 Currently, raise `BadRequest` if params encoding is invalid. https://github.com/rails/rails/blob/5-1-stable/actionpack/lib/action_dispatch/http/parameters.rb#L64..L74 https://github.com/rails/rails/blob/5-1-stable/actionpack/lib/action_dispatch/request/utils.rb#L26..L39 However, env values are ensure encoded in ASCII 8 BIT at rack 2.0.3. https://github.com/rack/rack/commit/68db9aa99e3e2775a58621f658b2a7a0f67db459 Therefore, even if specify an invalid urls, it will not cause an error. --- actionpack/test/dispatch/routing_test.rb | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'actionpack/test') diff --git a/actionpack/test/dispatch/routing_test.rb b/actionpack/test/dispatch/routing_test.rb index d64917e0d3..32cd78e492 100644 --- a/actionpack/test/dispatch/routing_test.rb +++ b/actionpack/test/dispatch/routing_test.rb @@ -4419,7 +4419,7 @@ class TestInvalidUrls < ActionDispatch::IntegrationTest end end - test "invalid UTF-8 encoding returns a 400 Bad Request" do + test "invalid UTF-8 encoding is treated as ASCII 8BIT encode" do with_routing do |set| set.draw do get "/bar/:id", to: redirect("/foo/show/%{id}") @@ -4435,19 +4435,19 @@ class TestInvalidUrls < ActionDispatch::IntegrationTest end get "/%E2%EF%BF%BD%A6" - assert_response :bad_request + assert_response :not_found get "/foo/%E2%EF%BF%BD%A6" - assert_response :bad_request + assert_response :not_found get "/foo/show/%E2%EF%BF%BD%A6" - assert_response :bad_request + assert_response :ok get "/bar/%E2%EF%BF%BD%A6" - assert_response :bad_request + assert_response :redirect get "/foobar/%E2%EF%BF%BD%A6" - assert_response :bad_request + assert_response :ok end end end -- cgit v1.2.3 From bfbbb1207930e7ebe56d4a99abd53b2aa66e0b6e Mon Sep 17 00:00:00 2001 From: sepehr500 Date: Fri, 12 May 2017 14:43:34 -0400 Subject: Fixed string being modified in place causing frozen string errors in Ruby 2.3 --- actionpack/test/dispatch/uploaded_file_test.rb | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'actionpack/test') diff --git a/actionpack/test/dispatch/uploaded_file_test.rb b/actionpack/test/dispatch/uploaded_file_test.rb index 51680216e4..0074d2a314 100644 --- a/actionpack/test/dispatch/uploaded_file_test.rb +++ b/actionpack/test/dispatch/uploaded_file_test.rb @@ -13,6 +13,12 @@ module ActionDispatch assert_equal "foo", uf.original_filename end + def test_filename_is_different_object + file_str = "foo" + uf = Http::UploadedFile.new(filename: file_str, tempfile: Object.new) + assert_not_equal file_str.object_id , uf.original_filename.object_id + end + def test_filename_should_be_in_utf_8 uf = Http::UploadedFile.new(filename: "foo", tempfile: Object.new) assert_equal "UTF-8", uf.original_filename.encoding.to_s -- cgit v1.2.3