-
-
Save bensomers/2830082 to your computer and use it in GitHub Desktop.
| # Fix for a Rails - Ruby 1.9 bug | |
| # Rails Router, now that it's UTF-8 default, blows up when routing requests | |
| # with invalid chars in the URL; it should properly return a 400 error | |
| # Have to monkey-patch the fix in, since it's not scheduled for release until | |
| # Rails 4.0. | |
| # Adapted Andrew White (pixeltrix)'s fix at | |
| # https://github.com/rails/rails/commit/3fc561a1f71edf1c2bae695cafa03909d24a5ca3, | |
| # but edited to work in 3.0.x. | |
| # 3.1.x, 3.2.x compatibility unknown | |
| require 'action_dispatch/routing/route_set' | |
| module ActionDispatch | |
| module Routing | |
| class RouteSet | |
| class Dispatcher | |
| def call_with_invalid_char_handling(env) | |
| params = env[PARAMETERS_KEY] | |
| # If any of the path parameters has a invalid encoding then | |
| # raise since it's likely to trigger errors further on. | |
| params.each do |key, value| | |
| if value.is_a?(String) and !value.valid_encoding? | |
| return [400, {'X-Cascade' => 'pass'}, []] | |
| end | |
| end | |
| call_without_invalid_char_handling(env) | |
| end | |
| alias_method_chain :call, :invalid_char_handling | |
| end | |
| end | |
| end | |
| end |
Running this on 3.0.12 and so far everything is great. Thanks!
Anyone knows when the rails team will insert this fix?
No idea; I would assume the next proper release that's not a quickie for security reasons. Pinged @pixeltrix about it.
(Also, for my own reference; this refers to #4450)
@ShayDavidson: Answer back on the #4450 discussion; scheduled for 4.0 release.
@bensomers: This didn't work for me in 3.2.8 but I modified what you did in this gist (https://gist.github.com/3380888) and it seems to work for me. In your example using env[PARAMETERS_KEY], the hash only contains the action and the controller, not the query params. I'm not 100% sure my version is the way to go, so feel free to comment on it.
Hi @bensomers how can I add this fix to our rails app? just drop it as initializer? Thanks!
@joseluistorres yeah, just stick it in an initializer and you should be good to go. Sorry for the slow response, the lack of notifications on gists is problematic.
Just made a quick fix for params with non-string values.