From d155f61b64e7cecc56fe6281d084e1b12a0a3584 Mon Sep 17 00:00:00 2001
From: "Eileen M. Uchitelle" <eileencodes@users.noreply.github.com>
Date: Tue, 7 May 2019 12:19:42 -0400
Subject: Merge pull request #36196 from st0012/fix-29947

Hide malformed parameters from error page

Accidentally merged this to 6-0-stable so forward porting it to master
here instead.
---
 actionpack/test/dispatch/debug_exceptions_test.rb | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

(limited to 'actionpack/test')

diff --git a/actionpack/test/dispatch/debug_exceptions_test.rb b/actionpack/test/dispatch/debug_exceptions_test.rb
index 5ae8a20ae4..3e57e8f4d9 100644
--- a/actionpack/test/dispatch/debug_exceptions_test.rb
+++ b/actionpack/test/dispatch/debug_exceptions_test.rb
@@ -620,4 +620,23 @@ class DebugExceptionsTest < ActionDispatch::IntegrationTest
       assert_select 'input[value="Action 2"]'
     end
   end
+
+  test "debug exceptions app shows diagnostics when malformed query parameters are provided" do
+    @app = DevelopmentApp
+
+    get "/bad_request?x[y]=1&x[y][][w]=2"
+
+    assert_response 400
+    assert_match "ActionController::BadRequest", body
+  end
+
+  test "debug exceptions app shows diagnostics when malformed query parameters are provided by XHR" do
+    @app = DevelopmentApp
+    xhr_request_env = { "action_dispatch.show_exceptions" => true, "HTTP_X_REQUESTED_WITH" => "XMLHttpRequest" }
+
+    get "/bad_request?x[y]=1&x[y][][w]=2", headers: xhr_request_env
+
+    assert_response 400
+    assert_match "ActionController::BadRequest", body
+  end
 end
-- 
cgit v1.2.3