From c0f9de4844052b7867180c587d1b6969be2f114d Mon Sep 17 00:00:00 2001 From: Jean byroot Boussier Date: Mon, 16 Jan 2023 21:53:58 +0100 Subject: Rack::MethodOverride handle QueryParser::ParamsTooDeepError (#2011) This middleware already handle two types of parsing issues but somehow not this one. Co-authored-by: Jean Boussier --- lib/rack/method_override.rb | 2 +- test/spec_method_override.rb | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/lib/rack/method_override.rb b/lib/rack/method_override.rb index 453901fc..b586f533 100644 --- a/lib/rack/method_override.rb +++ b/lib/rack/method_override.rb @@ -43,7 +43,7 @@ module Rack def method_override_param(req) req.POST[METHOD_OVERRIDE_PARAM_KEY] - rescue Utils::InvalidParameterError, Utils::ParameterTypeError + rescue Utils::InvalidParameterError, Utils::ParameterTypeError, QueryParser::ParamsTooDeepError req.get_header(RACK_ERRORS).puts "Invalid or incomplete POST params" rescue EOFError req.get_header(RACK_ERRORS).puts "Bad request content body" diff --git a/test/spec_method_override.rb b/test/spec_method_override.rb index 5909907b..ddb105bd 100644 --- a/test/spec_method_override.rb +++ b/test/spec_method_override.rb @@ -100,6 +100,13 @@ EOF env[Rack::RACK_ERRORS].read.must_match /Bad request content body/ end + it "not modify REQUEST_METHOD for POST requests when the params are unparseable because too deep" do + env = Rack::MockRequest.env_for("/", method: "POST", input: ("[a]" * 36) + "=1") + app.call env + + env["REQUEST_METHOD"].must_equal "POST" + end + it "not modify REQUEST_METHOD for POST requests when the params are unparseable" do env = Rack::MockRequest.env_for("/", method: "POST", input: "(%bad-params%)") app.call env -- cgit v1.2.1