```ruby
# Fix for a Rails - Ruby 1.9 bug
# Rails Router, now that it's UTF-8 default, blows up when routing requests
# with invalid chars in the URL; it should properly return a 400 error
# Have to monkey-patch the fix in, since it's not scheduled for release until
# Rails 4.0.
# Adapted from Andrew White (pixeltrix)'s fix at
# https://github.com/rails/rails/commit/3fc561a1f71edf1c2bae695cafa03909d24a5ca3,
# but edited to work in 3.0.x.
# 3.1.x, 3.2.x compatibility unknown
require 'action_dispatch/routing/route_set'

module ActionDispatch
  module Routing
    class RouteSet
      class Dispatcher
        def call_with_invalid_char_handling(env)
          params = env[PARAMETERS_KEY]

          # If any of the path parameters has an invalid encoding then
          # return a 400 since it's likely to trigger errors further on.
          params.each do |key, value|
            if value.is_a?(String) && !value.valid_encoding?
              return [400, {'X-Cascade' => 'pass'}, []]
            end
          end

          call_without_invalid_char_handling(env)
        end

        # Wrap the original #call so the encoding check runs first.
        alias_method_chain :call, :invalid_char_handling
      end
    end
  end
end
```
Running this on 3.0.12 and so far everything is great. Thanks!
Does anyone know when the Rails team will insert this fix?
No idea; I would assume the next proper release that's not a quickie for security reasons. Pinged @pixeltrix about it.
(Also, for my own reference; this refers to #4450)
@ShayDavidson: Answer back on the #4450 discussion; scheduled for 4.0 release.
@bensomers: This didn't work for me in 3.2.8 but I modified what you did in this gist (https://gist.github.com/3380888) and it seems to work for me. In your example using env[PARAMETERS_KEY], the hash only contains the action and the controller, not the query params. I'm not 100% sure my version is the way to go, so feel free to comment on it.
Hi @bensomers, how can I add this fix to our Rails app? Just drop it in as an initializer? Thanks!
@joseluistorres yeah, just stick it in an initializer and you should be good to go. Sorry for the slow response, the lack of notifications on gists is problematic.
Just made a quick fix for params with non-string values.
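The encoding check from the gist, as an added example that is not the gist's or Rails' own code: it runs without Rails and goes beyond the flat loop by walking nested hashes and arrays, so non-string values are skipped rather than tripping the check. `invalid_encoding?`, `RejectInvalidEncoding` and `decode_segment` are hypothetical names, the sample inputs are constructed, and the env key is assumed to be the value behind Rails' `PARAMETERS_KEY`.

```ruby
require 'uri'

# Hypothetical helper: true if any string nested inside +value+
# (hash, array or scalar) holds bytes that are invalid for its encoding.
def invalid_encoding?(value)
  case value
  when String then !value.valid_encoding?
  when Hash   then value.any? { |k, v| invalid_encoding?(k) || invalid_encoding?(v) }
  when Array  then value.any? { |v| invalid_encoding?(v) }
  else false # integers, nil, symbols and so on carry no byte string to check
  end
end

# Hypothetical Rack-style wrapper: answers 400 before the wrapped app runs,
# using the same response triple the monkey-patch returns.
class RejectInvalidEncoding
  # Assumption: the env key that Rails' PARAMETERS_KEY constant refers to.
  PARAMETERS_KEY = 'action_dispatch.request.path_parameters'

  def initialize(app)
    @app = app
  end

  def call(env)
    params = env[PARAMETERS_KEY] || {}
    return [400, { 'X-Cascade' => 'pass' }, []] if invalid_encoding?(params)

    @app.call(env)
  end
end

# Percent-decode a path segment and tag the bytes as UTF-8, which is how a
# malformed byte sequence ends up in a String that claims to be UTF-8.
def decode_segment(raw)
  URI.decode_www_form_component(raw, Encoding::UTF_8)
end

if __FILE__ == $PROGRAM_NAME
  app = RejectInvalidEncoding.new(->(_env) { [200, {}, ['ok']] })
  key = RejectInvalidEncoding::PARAMETERS_KEY
  # Constructed samples: a valid UTF-8 id, then a truncated multibyte sequence.
  %w[caf%C3%A9 %E2%28].each do |raw|
    status, = app.call({ key => { controller: 'posts', id: decode_segment(raw) } })
    puts "#{raw} -> #{status}"
  end
end
```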