From d155f61b64e7cecc56fe6281d084e1b12a0a3584 Mon Sep 17 00:00:00 2001
From: "Eileen M. Uchitelle" <eileencodes@users.noreply.github.com>
Date: Tue, 7 May 2019 12:19:42 -0400
Subject: Merge pull request #36196 from st0012/fix-29947

Hide malformed parameters from error page

Accidentally merged this to 6-0-stable so forward porting it to master
here instead.
---
 railties/test/application/middleware/exceptions_test.rb | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'railties/test')

diff --git a/railties/test/application/middleware/exceptions_test.rb b/railties/test/application/middleware/exceptions_test.rb
index 17df78ed4e..5fae521937 100644
--- a/railties/test/application/middleware/exceptions_test.rb
+++ b/railties/test/application/middleware/exceptions_test.rb
@@ -136,5 +136,21 @@ module ApplicationTests
       assert_match(/boooom/, last_response.body)
       assert_match(/測試テスト시험/, last_response.body)
     end
+
+    test "displays diagnostics message when malformed query parameters are provided" do
+      controller :foo, <<-RUBY
+        class FooController < ActionController::Base
+          def index
+          end
+        end
+      RUBY
+
+      app.config.action_dispatch.show_exceptions = true
+      app.config.consider_all_requests_local = true
+
+      get "/foo?x[y]=1&x[y][][w]=2"
+      assert_equal 400, last_response.status
+      assert_match "Invalid query parameters", last_response.body
+    end
   end
 end
-- 
cgit v1.2.3