kotovalexarian-likes-github/rails--rails
1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Code Releases Activity

Scrub the invalid paramter value before using it in the error

Browse source 
You should be able to safely use the String error message. So when
finding the paramter has an invalid encoding we need to remove the
invalid bytes before using it in the error. Otherwise the caller might
get another Encoding error if they use the message.
This commit is contained in:
Arthur Neves 2017-07-14 15:02:30 -04:00
parent c1f9fa8c69
commit 2513a410f5
No known key found for this signature in database
GPG key ID: 04A390FB1E433E17
2 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
actionpack/lib/action_dispatch/request/utils.rb
View file

@ -32,7 +32,7 @@ module ActionDispatch
unless params.valid_encoding?
# Raise Rack::Utils::InvalidParameterError for consistency with Rack.
# ActionDispatch::Request#GET will re-raise as a BadRequest error.
raise Rack::Utils::InvalidParameterError, "Non UTF-8 value: #{params}"
raise Rack::Utils::InvalidParameterError, "Invalid encoding for parameter: #{params.scrub}"
end
end
end

3
actionpack/test/dispatch/request_test.rb
View file

@ -1024,7 +1024,8 @@ class RequestParameters < BaseRequestTest
request.path_parameters = { foo: "\xBE" }
end
assert_equal "Invalid path parameters: Non UTF-8 value: \xBE", err.message
assert_predicate err.message, :valid_encoding?
assert_equal "Invalid path parameters: Invalid encoding for parameter: <20>", err.message
end
test "parameters not accessible after rack parse error of invalid UTF8 character" do