```ruby
# Fix for a Rails - Ruby 1.9 bug
# Rails Router, now that it's UTF-8 default, blows up when routing requests
# with invalid chars in the URL; it should properly return a 400 error
# Have to monkey-patch the fix in, since it's not scheduled for release until
# Rails 4.0.
# Adapted Andrew White (pixeltrix)'s fix at
# https://github.com/rails/rails/commit/3fc561a1f71edf1c2bae695cafa03909d24a5ca3,
# but edited to work in 3.0.x.
# 3.1.x, 3.2.x compatibility unknown
require 'action_dispatch/routing/route_set'

module ActionDispatch
  module Routing
    class RouteSet
      class Dispatcher
        def call_with_invalid_char_handling(env)
          params = env[PARAMETERS_KEY]

          # If any of the path parameters has an invalid encoding then
          # return a 400, since it's likely to trigger errors further on.
          params.each do |key, value|
            if value.is_a?(String) && !value.valid_encoding?
              return [400, {'X-Cascade' => 'pass'}, []]
            end
          end

          call_without_invalid_char_handling(env)
        end

        alias_method_chain :call, :invalid_char_handling
      end
    end
  end
end
```
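The same encoding check as a standalone Rack-style middleware, added here as an example that is not part of the gist or of Rails. It goes beyond the patch's path-parameter check by also validating the query string. The class name `RejectInvalidEncoding` and the sample requests are constructed for illustration.

```ruby
require 'uri'

# Rack-style middleware (hypothetical name; not Rails' or the gist's code).
# Answers 400 when the path or query string does not decode to valid UTF-8.
class RejectInvalidEncoding
  def initialize(app)
    @app = app
  end

  def call(env)
    if well_formed?(env['PATH_INFO']) && well_formed?(env['QUERY_STRING'])
      @app.call(env)
    else
      [400, { 'Content-Type' => 'text/plain' }, ["Bad Request\n"]]
    end
  end

  private

  # Percent-decode a binary copy of the raw value and ask Ruby whether the
  # result is valid UTF-8. Decoding the whole string is enough: ASCII
  # delimiters (/ & =) can never sit inside a valid multibyte sequence.
  def well_formed?(raw)
    URI.decode_www_form_component(raw.to_s.b, Encoding::UTF_8).valid_encoding?
  rescue ArgumentError
    false # malformed escape such as "%zz"
  end
end

# Constructed sample requests: label => [PATH_INFO, QUERY_STRING].
SAMPLES = {
  'valid UTF-8 path'    => ['/users/caf%C3%A9', 'page=2'],
  'broken path segment' => ['/users/%E2%28%A1', ''],
  'broken query value'  => ['/search', 'q=%FF'],
  'malformed escape'    => ['/search', 'q=%zz']
}.freeze

# Runs every sample through the middleware and returns label => status.
def sample_statuses
  app = RejectInvalidEncoding.new(->(_env) { [200, {}, ['ok']] })
  SAMPLES.transform_values do |(path, query)|
    app.call({ 'PATH_INFO' => path, 'QUERY_STRING' => query }).first
  end
end

puts sample_statuses if $PROGRAM_NAME == __FILE__
```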
Just made a quick fix for params with non-string values.
Running this on 3.0.12 and so far everything is great. Thanks!
Does anyone know when the Rails team will insert this fix?
No idea; I would assume the next proper release that's not a quickie for security reasons. Pinged @pixeltrix about it.
(Also, for my own reference; this refers to #4450)
@ShayDavidson: Answer back on the #4450 discussion; scheduled for 4.0 release.
@bensomers: This didn't work for me in 3.2.8 but I modified what you did in this gist (https://gist.github.com/3380888) and it seems to work for me. In your example using env[PARAMETERS_KEY], the hash only contains the action and the controller, not the query params. I'm not 100% sure my version is the way to go, so feel free to comment on it.
Hi @bensomers, how can I add this fix to our Rails app? Just drop it in as an initializer? Thanks!
@joseluistorres yeah, just stick it in an initializer and you should be good to go. Sorry for the slow response, the lack of notifications on gists is problematic.
Thanks for this. Seems okay with Rails 3.2 too.