diff options
author | Jean byroot Boussier <jean.boussier+github@shopify.com> | 2023-01-16 21:53:58 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-01-17 09:53:58 +1300 |
commit | c0f9de4844052b7867180c587d1b6969be2f114d (patch) | |
tree | 550eb6e32c0f2bb6d02b88e817bac350f12fa5b0 | |
parent | 8312a2fd6aee0950d7b2deb548aaf600cb871d80 (diff) | |
download | rack-c0f9de4844052b7867180c587d1b6969be2f114d.tar.gz |
Rack::MethodOverride handle QueryParser::ParamsTooDeepError (#2011)
This middleware already handle two types of parsing issues
but somehow not this one.
Co-authored-by: Jean Boussier <jean.boussier@gmail.com>
-rw-r--r-- | lib/rack/method_override.rb | 2 | ||||
-rw-r--r-- | test/spec_method_override.rb | 7 |
2 files changed, 8 insertions, 1 deletions
diff --git a/lib/rack/method_override.rb b/lib/rack/method_override.rb index 453901fc..b586f533 100644 --- a/lib/rack/method_override.rb +++ b/lib/rack/method_override.rb @@ -43,7 +43,7 @@ module Rack def method_override_param(req) req.POST[METHOD_OVERRIDE_PARAM_KEY] - rescue Utils::InvalidParameterError, Utils::ParameterTypeError + rescue Utils::InvalidParameterError, Utils::ParameterTypeError, QueryParser::ParamsTooDeepError req.get_header(RACK_ERRORS).puts "Invalid or incomplete POST params" rescue EOFError req.get_header(RACK_ERRORS).puts "Bad request content body" diff --git a/test/spec_method_override.rb b/test/spec_method_override.rb index 5909907b..ddb105bd 100644 --- a/test/spec_method_override.rb +++ b/test/spec_method_override.rb @@ -100,6 +100,13 @@ EOF env[Rack::RACK_ERRORS].read.must_match /Bad request content body/ end + it "not modify REQUEST_METHOD for POST requests when the params are unparseable because too deep" do + env = Rack::MockRequest.env_for("/", method: "POST", input: ("[a]" * 36) + "=1") + app.call env + + env["REQUEST_METHOD"].must_equal "POST" + end + it "not modify REQUEST_METHOD for POST requests when the params are unparseable" do env = Rack::MockRequest.env_for("/", method: "POST", input: "(%bad-params%)") app.call env |