Commit 59ab2d1e
Authored Oct 18, 2015 by Grey Baker

Catch invalid UTF-8 querystring values and respond with BadRequest

Parent: 6f62ace6

Showing 4 changed files with 37 additions and 7 deletions (+37 -7)
actionpack/CHANGELOG.md (+8 -0)
actionpack/lib/action_dispatch/http/request.rb (+4 -1)
actionpack/lib/action_dispatch/request/utils.rb (+15 -0)
actionpack/test/dispatch/request_test.rb (+10 -6)
actionpack/CHANGELOG.md
*
Catch invalid UTF-8 querystring values and respond with BadRequest
Check querystring params for invalid UTF-8 characters, and raise an
ActionController::BadRequest error if present. Previously these strings
would typically trigger errors further down the stack.
*Grey Baker*
*
Parse RSS/ATOM responses as XML, not HTML.
*Alexander Kaupanin*
...
...
actionpack/lib/action_dispatch/http/request.rb
...
...
@@ -338,7 +338,10 @@ def session_options=(options)
# Override Rack's GET method to support indifferent access
def
GET
fetch_header
(
"action_dispatch.request.query_parameters"
)
do
|
k
|
set_header
k
,
Request
::
Utils
.
normalize_encode_params
(
super
||
{})
rack_query_params
=
super
||
{}
# Check for non UTF-8 parameter values, which would cause errors later
Request
::
Utils
.
check_param_encoding
(
rack_query_params
)
set_header
k
,
Request
::
Utils
.
normalize_encode_params
(
rack_query_params
)
end
rescue
Rack
::
Utils
::
ParameterTypeError
,
Rack
::
Utils
::
InvalidParameterError
=>
e
raise
ActionController
::
BadRequest
.
new
(
"Invalid query parameters:
#{
e
.
message
}
"
,
e
)
...
...
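Review bot: In `GET`, `check_param_encoding(rack_query_params)` is the only call site this change adds, so the encoding check covers query-string parameters and nothing in this diff applies it to parameters parsed from the request body. If invalid byte sequences in form parameters can trigger the same errors further down the stack, that path needs the same check with a matching rescue to `ActionController::BadRequest`; otherwise extend the comment above the call to say the check is deliberately limited to the query string.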
actionpack/lib/action_dispatch/request/utils.rb
...
...
@@ -13,6 +13,21 @@ def self.normalize_encode_params(params)
end
end
def
self
.
check_param_encoding
(
params
)
case
params
when
Array
params
.
each
{
|
element
|
check_param_encoding
(
element
)
}
when
Hash
params
.
each_value
{
|
value
|
check_param_encoding
(
value
)
}
when
String
unless
params
.
valid_encoding?
# Raise Rack::Utils::InvalidParameterError for consistency with Rack.
# ActionDispatch::Request#GET will re-raise as a BadRequest error.
raise
Rack
::
Utils
::
InvalidParameterError
,
"Non UTF-8 value:
#{
params
}
"
end
end
end
class
ParamEncoder
# :nodoc:
# Convert nested Hash to HashWithIndifferentAccess.
#
...
...
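Review bot: In the `String` branch, the message `"Non UTF-8 value: #{params}"` interpolates the rejected string itself, so the invalid bytes travel into the `InvalidParameterError` message and from there into the `BadRequest` message built in `Request#GET`. Anything that later logs or renders that message is handling the same invalidly encoded data this check exists to stop; consider `params.inspect` or `params.scrub` in the message instead. Two smaller points: `valid_encoding?` tests the string against whatever encoding it is tagged with, so the wording "Non UTF-8" is accurate only if parameter strings are always tagged UTF-8 at this point, and the `Hash` branch walks `each_value` only, so keys are not checked here, which deserves a one-line comment saying where key validation happens.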
actionpack/test/dispatch/request_test.rb
...
...
@@ -977,13 +977,17 @@ class RequestParameters < BaseRequestTest
test
"parameters not accessible after rack parse error of invalid UTF8 character"
do
request
=
stub_request
(
"QUERY_STRING"
=>
"foo%81E=1"
)
assert_raises
(
ActionController
::
BadRequest
)
{
request
.
parameters
}
end
2
.
times
do
assert_raises
(
ActionController
::
BadRequest
)
do
# rack will raise a Rack::Utils::InvalidParameterError when parsing this query string
request
.
parameters
end
end
test
"parameters containing an invalid UTF8 character"
do
request
=
stub_request
(
"QUERY_STRING"
=>
"foo=%81E"
)
assert_raises
(
ActionController
::
BadRequest
)
{
request
.
parameters
}
end
test
"parameters containing a deeply nested invalid UTF8 character"
do
request
=
stub_request
(
"QUERY_STRING"
=>
"foo[bar]=%81E"
)
assert_raises
(
ActionController
::
BadRequest
)
{
request
.
parameters
}
end
test
"parameters not accessible after rack parse error 1"
do
...
...
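Review bot: The new tests exercise a top-level value (`foo=%81E`) and a `Hash`-nested value (`foo[bar]=%81E`), but nothing reaches the `Array` branch of `check_param_encoding`. Add a case such as `"QUERY_STRING" => "foo[]=%81E"` asserting `ActionController::BadRequest`. The test named "deeply nested" is only one level deep; either nest further (for example `foo[bar][baz]=%81E`) or rename it.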