提交 · 7dc53ec91d724fc1b6c1aea9b7c06383046e9304 · 张重言 / rails

22 9月, 2020 1 次提交

Catch invalid UTF-8 encodings on ActionDispatch::Http::Request#POST (#40124) · 7dc53ec9

由 Adrianna Chang 提交于 9月 21, 2020

* Add binary encoding logic into ActionDispatch::Request::Utils

Moving the logic to set binary encoding into ActionDispatch::Request::Utils
will allow us to encode from GET and POST in ActionDispatch::Request.

* Refactor binary encoding logic

- Move binary encoding calls into GET, POST and path_parameters
- Remove binary encoding from ActionDispatch::Http::Request
- This way, we only raise an invalid encoding exception if the controller is not requesting
parameters in binary encoding

* Check if encoding is valid in ActionDispatch::Request#POST and raise BadRequest if invalid

* Fix multipart_params_test that has binary-encoded params containing invalid UTF-8 characters

* Address PR comments

* Pass action and controller to Request::Utils.set_binary_encoding

[Rafael Mendonça França + Adrianna Chang]

7dc53ec9

29 7月, 2017 1 次提交
- K
  
  Use frozen string literal in actionpack/ · dfcc7661
  由 Kir Shatrov 提交于 7月 24, 2017
  
  dfcc7661
02 7月, 2017 1 次提交
- M
  Revert "Merge pull request #29540 from kirs/rubocop-frozen-string" · 87b3e226
  由 Matthew Draper 提交于 7月 02, 2017
```
This reverts commit 3420a145, reversing
changes made to afb66a5a.
```
  87b3e226
01 7月, 2017 1 次提交
- K
  
  Enforce frozen string in Rubocop · cfade1ec
  由 Kir Shatrov 提交于 6月 22, 2017
  
  cfade1ec
23 5月, 2017 1 次提交

Define path with __dir__ · 40bdbce1

由 bogdanvlviv 提交于 5月 15, 2017

".. with __dir__ we can restore order in the Universe." - by @fxn

Related to 5b8738c2

40bdbce1

25 12月, 2016 1 次提交
- A
  
  "Use assert_nil if expecting nil. This will fail in minitest 6." · e8ba0c0f
  由 Akira Matsuda 提交于 12月 25, 2016
  
  e8ba0c0f
25 10月, 2016 1 次提交

Remove mona lisa image from the tests · d1700d33

由 Rafael Mendonça França 提交于 10月 25, 2016

This image has copyright that we are not giving so it is better to use
one image that we own the copyright.

d1700d33

16 8月, 2016 1 次提交

Add three new rubocop rules · 55f9b812

由 Rafael Mendonça França 提交于 8月 16, 2016

Style/SpaceBeforeBlockBraces
Style/SpaceInsideBlockBraces
Style/SpaceInsideHashLiteralBraces

Fix all violations in the repository.

55f9b812

07 8月, 2016 2 次提交
- X
  
  modernizes hash syntax in actionpack · 5b6eb1d5
  由 Xavier Noria 提交于 8月 06, 2016
  
  5b6eb1d5
- X
  applies new string literal convention in actionpack/test · 35b3de80
  由 Xavier Noria 提交于 8月 06, 2016
```
The current code base is not uniform. After some discussion,
we have chosen to go with double quotes by default.
```
  35b3de80
01 3月, 2016 1 次提交

Deprecate :controller and :action path parameters · 6520ea5f

由 Andrew White 提交于 3月 01, 2016

Allowing :controller and :action values to be specified via the path
in config/routes.rb has been an underlying cause of a number of issues
in Rails that have resulted in security releases. In light of this it's
better that controllers and actions are explicitly whitelisted rather
than trying to blacklist or sanitize 'bad' values.

6520ea5f

04 8月, 2015 1 次提交
- K
  
  Add failing spec on utf8 filename with percent character · b5ae1be2
  由 Kohei Suzuki 提交于 8月 04, 2015
  
  b5ae1be2
18 7月, 2015 1 次提交

Stop using deprecated `render :text` in test · 8cb8ce98

由 Prem Sichanugrist 提交于 7月 17, 2015

This will silence deprecation warnings.

Most of the test can be changed from `render :text` to render `:plain`
or `render :body` right away. However, there are some tests that needed
to be fixed by hand as they actually assert the default Content-Type
returned from `render :body`.

8cb8ce98

03 2月, 2015 1 次提交
- V
  
  Removed magic comments # encoding: utf-8 , since its default from ruby 2.0 onwards. · 6eced6a1
  由 Vipul A M 提交于 2月 03, 2015
  
  6eced6a1
29 1月, 2015 2 次提交
- R
  
  Consistent usage of spaces in hashes across our codebase · bb6fe7e7
  由 Rafael Mendonça França 提交于 1月 29, 2015
  
  bb6fe7e7
- K
  Switch to kwargs in ActionController::TestCase and ActionDispatch::Integration · baf14ae5
  由 Kir Shatrov 提交于 1月 04, 2015
```
Non-kwargs requests are deprecated now.
Guides are updated as well.

`post url, nil, nil, { a: 'b' }` doesn't make sense.
`post url, params: { y: x }, session: { a: 'b' }` would be an explicit way to do the same
```
  baf14ae5
04 6月, 2014 1 次提交

Routes specifying 'to:' must be a string that contains a "#" or a rack · cc26b6b7

由 Aaron Patterson 提交于 6月 03, 2014

application.  Use of a symbol should be replaced with `action: symbol`.
Use of a string without a "#" should be replaced with `controller: string`.

cc26b6b7

19 5月, 2014 1 次提交

Upgraded rack · adffea62

由 Jarmo Isotalo 提交于 2月 08, 2014

As Rack has some non backwards compatible changes added required
modifications to keep behaviour in rails close to same as before.

Also modified generators to include rack/rack for not yet released
version of rack

adffea62

29 6月, 2013 1 次提交
- A
  
  use bytesize rather than force encoding · 3f81230a
  由 Aaron Patterson 提交于 6月 28, 2013
  
  3f81230a
15 3月, 2013 1 次提交
- T
  
  UTF-8 encode all keys and values in nested params hash. · b307210d
  由 Teo Hui Ming 提交于 3月 27, 2012
  
  b307210d
11 12月, 2012 1 次提交

Prevent raising EOFError on multipart GET request. · bc254cc2

由 Adam Stankiewicz 提交于 12月 10, 2012

Such request can happen on Internet Explorer. When we redirect
after multipart form submission, the request type is changed
to GET, but Content-Type is preserved as multipart. GET request
cannot have multipart body and that caused Rails to fail.

It's similar fix to Rack's one:
https://github.com/chneukirchen/rack/blob/8025a4ae9477d1e6231344c2b7d795aa9b3717b6/lib/rack/request.rb#L224

bc254cc2

25 4月, 2012 1 次提交

Remove default match without specified method · 56cdc81c

由 Jose and Yehuda 提交于 4月 24, 2012

In the current router DSL, using the +match+ DSL
method will match all verbs for the path to the
specified endpoint.

In the vast majority of cases, people are
currently using +match+ when they actually mean
+get+. This introduces security implications.

This commit disallows calling +match+ without
an HTTP verb constraint by default. To explicitly
match all verbs, this commit also adds a
:via => :all option to +match+.

Closes #5964

56cdc81c

25 12月, 2011 1 次提交
- S
  
  remove checks for encodings availability · 1e9e88fc
  由 Sergey Nartimov 提交于 12月 25, 2011
  
  1e9e88fc
03 5月, 2011 1 次提交
- J
  
  Multipart is now fixed in Rack. · ed3e6674
  由 José Valim 提交于 5月 03, 2011
  
  ed3e6674
05 10月, 2010 1 次提交
- A
  
  if it walks like a duck and talks like a duck, it must be a duck · 876acf00
  由 Aaron Patterson 提交于 10月 04, 2010
  
  876acf00
29 9月, 2010 1 次提交
- E
  
  Change test to avoid warnings. · 783e9b8d
  由 Emilio Tagua 提交于 9月 28, 2010
  
  783e9b8d
26 9月, 2010 1 次提交

Remove deprecated stuff in ActionController · 7fc1edd7

由 Carlos Antonio da Silva 提交于 9月 25, 2010

This removes all deprecated classes in ActionController related to
Routing, Abstract Request/Response and Integration/IntegrationTest.
All tests and docs were changed to ActionDispatch instead of ActionController.

7fc1edd7

05 9月, 2010 1 次提交
- P
  
  Removed deprecated RouteSet API, still many tests fail · b3eb26a1
  由 Piotr Sarnacki 提交于 8月 05, 2010
  
  b3eb26a1
28 6月, 2010 1 次提交
- J
  
  Upgrade to Rack 1.2.1 · f3bb185b
  由 Jeremy Kemper 提交于 6月 27, 2010
  
  f3bb185b
09 12月, 2009 1 次提交
- J
  
  Use new routing dsl in tests · 2be5e088
  由 Joshua Peek 提交于 12月 08, 2009
  
  2be5e088
04 10月, 2009 1 次提交
- J
  Add custom "with_routing" to internal tests to fix reseting session after using · 84e94551
  由 Joshua Peek 提交于 10月 03, 2009
```
with_routing. This only affects our internal AP tests.
```
  84e94551
28 8月, 2009 1 次提交
- J
  
  Reset session in integration tests after changing routes to reload the middleware stack · ba5995dc
  由 Joshua Peek 提交于 8月 27, 2009
  
  ba5995dc
03 8月, 2009 1 次提交

Remove legacy processing and content_length · b53f0069

由 Yehuda Katz 提交于 7月 30, 2009

  * convert_content_type! is handled by assign_default_content_type_and_charset!
  * set_content_length! should be handled by the endpoint server. Otherwise
    each middleware that modifies the body has to do the expensive work of
    recalculating content_length.
  * convert_language! appears to be legacy. There are no tests for this
  * convert_cookies! should be handled by the new HeaderHash in Rack
  * Use an integer for .status's internal representation to avoid needing to
    do String manipulation just to find out the status

b53f0069

28 4月, 2009 1 次提交
- J
  
  Can't please them all · dde06350
  由 Jeremy Kemper 提交于 4月 27, 2009
  
  dde06350
27 4月, 2009 1 次提交
- J
  
  Sufficient to test that multipart/mixed wasn't parsed to a hash · c2b4da1c
  由 Jeremy Kemper 提交于 4月 27, 2009
  
  c2b4da1c
26 4月, 2009 2 次提交
- J
  Remove RewindableInput middleware since all input MUST be rewindable according... · 4f412a10
  由 Joshua Peek 提交于 4月 25, 2009
```
Remove RewindableInput middleware since all input MUST be rewindable according to a recent change in the Rack 1.0 SPEC
```
  4f412a10
- J
  
  Remove vendored version of Rack · b69da86e
  由 Joshua Peek 提交于 4月 25, 2009
  
  b69da86e
18 4月, 2009 2 次提交
- M
  Always buffer rack.input if it is not rewindable · 7ce0778a
  由 Mislav Marohnić 提交于 4月 17, 2009
```
Signed-off-by: NJoshua Peek <josh@joshpeek.com>
```
  7ce0778a
- M
  Improve rewindable input test coverage so tests fail when you remove the middleware · 8423bb6a
  由 Mislav Marohnić 提交于 4月 17, 2009
```
Signed-off-by: NJoshua Peek <josh@joshpeek.com>
```
  8423bb6a
29 1月, 2009 1 次提交
- J
  
  Move dispatch related tests into test/dispatch · 85750f22
  由 Joshua Peek 提交于 1月 28, 2009
  
  85750f22