diff options
author | Eileen M. Uchitelle <eileencodes@users.noreply.github.com> | 2018-04-23 11:46:40 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-04-23 11:46:40 -0400 |
commit | 2293c6a21925a70a2e9e67138edd341c5418ec4b (patch) | |
tree | a90f31e0b0f9529153a89453e8568e2c3b0df416 | |
parent | 274d934f32cc08a550f9e37bfdced7e228b42196 (diff) | |
parent | b27dd86738c21110cc5e8befa2fa217f81124ee3 (diff) | |
download | rack-2293c6a21925a70a2e9e67138edd341c5418ec4b.tar.gz |
Merge pull request #1249 from mclark/handle-invalid-method-parameters
handle failure to upcase invalid UTF8 strings for `_method` values
-rw-r--r-- | lib/rack/methodoverride.rb | 6 | ||||
-rw-r--r-- | test/spec_methodoverride.rb | 18 |
2 files changed, 22 insertions, 2 deletions
diff --git a/lib/rack/methodoverride.rb b/lib/rack/methodoverride.rb index 16bf23cf..61cb27fc 100644 --- a/lib/rack/methodoverride.rb +++ b/lib/rack/methodoverride.rb @@ -26,7 +26,11 @@ module Rack req = Request.new(env) method = method_override_param(req) || env[HTTP_METHOD_OVERRIDE_HEADER] - method.to_s.upcase + begin + method.to_s.upcase + rescue ArgumentError + env["rack.errors"].puts "Invalid string for method" + end end private diff --git a/test/spec_methodoverride.rb b/test/spec_methodoverride.rb index 6914bdee..d905cb1e 100644 --- a/test/spec_methodoverride.rb +++ b/test/spec_methodoverride.rb @@ -8,7 +8,7 @@ describe Rack::MethodOverride do [200, {"Content-Type" => "text/plain"}, []] })) end - + should "not affect GET requests" do env = Rack::MockRequest.env_for("/?_method=delete", :method => "GET") app.call env @@ -23,6 +23,22 @@ describe Rack::MethodOverride do env["REQUEST_METHOD"].should.equal "PUT" end + if RUBY_VERSION >= "1.9" + should "set rack.errors for invalid UTF8 _method values" do + errors = StringIO.new + env = Rack::MockRequest.env_for("/", + :method => "POST", + :input => "_method=\xBF".force_encoding("ASCII-8BIT"), + "rack.errors" => errors) + + app.call env + + errors.rewind + errors.read.should.equal "Invalid string for method\n" + env["REQUEST_METHOD"].should.equal "POST" + end + end + should "modify REQUEST_METHOD for POST requests when X-HTTP-Method-Override is set" do env = Rack::MockRequest.env_for("/", :method => "POST", |