Merge pull request #1249 from mclark/handle-invalid-method-parameters

handle failure to upcase invalid UTF8 strings for `_method` values
rack · Apr 23, 2018 · 2293c6a · 2293c6a
2 parents 274d934 + b27dd86
commit 2293c6a
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 2 deletions.
diff --git a/lib/rack/methodoverride.rb b/lib/rack/methodoverride.rb
@@ -26,7 +26,11 @@ def method_override(env)
       req = Request.new(env)
       method = method_override_param(req) ||
         env[HTTP_METHOD_OVERRIDE_HEADER]
-      method.to_s.upcase
+      begin
+        method.to_s.upcase
+      rescue ArgumentError
+        env["rack.errors"].puts "Invalid string for method"
+      end
     end
 
     private

diff --git a/test/spec_methodoverride.rb b/test/spec_methodoverride.rb
@@ -8,7 +8,7 @@ def app
       [200, {"Content-Type" => "text/plain"}, []]
     }))
   end
-  
+
   should "not affect GET requests" do
     env = Rack::MockRequest.env_for("/?_method=delete", :method => "GET")
     app.call env
@@ -23,6 +23,22 @@ def app
     env["REQUEST_METHOD"].should.equal "PUT"
   end
 
+  if RUBY_VERSION >= "1.9"
+    should "set rack.errors for invalid UTF8 _method values" do
+      errors = StringIO.new
+      env = Rack::MockRequest.env_for("/",
+        :method => "POST",
+        :input => "_method=\xBF".force_encoding("ASCII-8BIT"),
+        "rack.errors" => errors)
+
+      app.call env
+
+      errors.rewind
+      errors.read.should.equal "Invalid string for method\n"
+      env["REQUEST_METHOD"].should.equal "POST"
+    end
+  end
+
   should "modify REQUEST_METHOD for POST requests when X-HTTP-Method-Override is set" do
     env = Rack::MockRequest.env_for("/",
             :method => "POST",