From 6ea09841f26bd3f247706641e635ac853265f62a Mon Sep 17 00:00:00 2001 From: Simone Carletti Date: Fri, 26 Jul 2019 21:27:32 +0200 Subject: Fix error 500 caused by ActionController::RoutingError (via fail-safe) when POST parameters are invalid (#29985) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Reproduce error caused by malformed parameters Error: RequestFormat#test_format_does_not_throw_exceptions_when_invalid_POST_parameters: ActionDispatch::Http::Parameters::ParseError: 765: unexpected token at '{record:{content:24.12.1.146}}' /Users/weppos/Mirrors/rails/actionpack/lib/action_dispatch/http/parameters.rb:113:in `rescue in parse_formatted_parameters' /Users/weppos/Mirrors/rails/actionpack/lib/action_dispatch/http/parameters.rb:107:in `parse_formatted_parameters' /Users/weppos/Mirrors/rails/actionpack/lib/action_dispatch/http/request.rb:360:in `block in POST' /Users/weppos/.rvm/gems/ruby-2.3.3/gems/rack-2.0.3/lib/rack/request.rb:57:in `fetch' /Users/weppos/.rvm/gems/ruby-2.3.3/gems/rack-2.0.3/lib/rack/request.rb:57:in `fetch_header' /Users/weppos/Mirrors/rails/actionpack/lib/action_dispatch/http/request.rb:359:in `POST' /Users/weppos/Mirrors/rails/actionpack/lib/action_dispatch/http/parameters.rb:53:in `parameters' /Users/weppos/Mirrors/rails/actionpack/lib/action_dispatch/http/mime_negotiation.rb:62:in `block in formats' /Users/weppos/.rvm/gems/ruby-2.3.3/gems/rack-2.0.3/lib/rack/request.rb:57:in `fetch' /Users/weppos/.rvm/gems/ruby-2.3.3/gems/rack-2.0.3/lib/rack/request.rb:57:in `fetch_header' /Users/weppos/Mirrors/rails/actionpack/lib/action_dispatch/http/mime_negotiation.rb:60:in `formats' /Users/weppos/Mirrors/rails/actionpack/test/dispatch/request_test.rb:891:in `block in ' See GH-29983 * Capture parameter parsing error output and test it This change prevents the log to be displayed in the tests. Moreover, the assertion against the debug ensures that the test effectively triggers the parsing error as expected. * Use a generic value in the test * Switch to assert_match [Simone Carletti + Rafael Mendonça França] --- actionpack/test/dispatch/request_test.rb | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) (limited to 'actionpack') diff --git a/actionpack/test/dispatch/request_test.rb b/actionpack/test/dispatch/request_test.rb index 0ec8dd25e0..c4cb27429d 100644 --- a/actionpack/test/dispatch/request_test.rb +++ b/actionpack/test/dispatch/request_test.rb @@ -865,12 +865,28 @@ class RequestFormat < BaseRequestTest assert_not_predicate request.format, :json? end - test "format does not throw exceptions when malformed parameters" do + test "format does not throw exceptions when malformed GET parameters" do request = stub_request("QUERY_STRING" => "x[y]=1&x[y][][w]=2") assert request.formats assert_predicate request.format, :html? end + test "format does not throw exceptions when invalid POST parameters" do + body = "{record:{content:127.0.0.1}}" + request = stub_request( + "REQUEST_METHOD" => "POST", + "CONTENT_LENGTH" => body.length, + "CONTENT_TYPE" => "application/json", + "rack.input" => StringIO.new(body), + "action_dispatch.logger" => Logger.new(output = StringIO.new) + ) + assert request.formats + assert request.format.html? + + output.rewind && (err = output.read) + assert_match /Error occurred while parsing request parameters/, err + end + test "formats with xhr request" do request = stub_request "HTTP_X_REQUESTED_WITH" => "XMLHttpRequest", "QUERY_STRING" => "" -- cgit v1.2.3