Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rack::Request#POST should consistently raise errors. #2010

Merged
merged 3 commits into from Jan 16, 2023
Merged

Rack::Request#POST should consistently raise errors. #2010

merged 3 commits into from Jan 16, 2023

Conversation

ioquatix
Copy link
Member

@ioquatix ioquatix commented Jan 16, 2023
edited

Cache errors that occur when invoking Rack::Request#POST so they can be raised again later (consistently).

I propose we backport this to 3-0-stable as this is a regression on 2.2 behaviour.

Fixes #2009.

@ioquatix ioquatix changed the title Rack::Request#post should consistently raise errors. Rack::Request#POST should consistently raise errors. Jan 16, 2023
casperisfine
casperisfine approved these changes Jan 16, 2023
View reviewed changes
Copy link
Contributor

@casperisfine casperisfine left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ioquatix ioquatix enabled auto-merge (squash) January 16, 2023 11:14
jeremyevans
jeremyevans requested changes Jan 16, 2023
View reviewed changes
Copy link
Contributor

@jeremyevans jeremyevans left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree that we should be consistent. Please see requested changes about the implementation.

lib/rack/request.rb Outdated Show resolved Hide resolved
lib/rack/request.rb Show resolved Hide resolved
@ioquatix ioquatix merged commit 4da13a7 into main Jan 16, 2023
@ioquatix ioquatix deleted the rack-request-form-error branch January 16, 2023 22:04
ioquatix added a commit that referenced this pull request Jan 16, 2023
@ioquatix
Rack::Request#POST should consistently raise errors. (#2010)
401ca82 
Cache errors that occur when invoking `Rack::Request#POST` so they can be
raised again later.

* Don't throw exactly the same error - so we have the correct backtrace.
tenderlove added a commit that referenced this pull request Jan 17, 2023
@tenderlove
Merge branch '3-0-sec'
becbf4b 
* 3-0-sec: (24 commits)
  bump version
  Update changelog
  Fix ReDoS vulnerability in multipart parser
  Fix ReDoS in Rack::Utils.get_byte_ranges
  Forbid control characters in attributes
  Bump patch version.
  `Rack::Request#POST` should consistently raise errors. (#2010)
  Fix Rack::Lint error message for HTTP_CONTENT_TYPE and HTTP_CONTENT_LENGTH (#2007)
  Rack::MethodOverride handle QueryParser::ParamsTooDeepError (#2006)
  Bump patch version.
  Fix Regexp deprecated third argument with Regexp::NOENCODING (#1998)
  Update tests to work on latest Rubies. (#1999)
  Bump patch version.
  Allow passing through streaming bodies. (#1993)
  Remove unnecessary executable bit from test files (#1992)
  Fix Utils.build_nested_query to URL-encode all query string fields (#1989)
  Trim trailing white space throughout the project (#1990)
  Fix some typos (#1991)
  Remove leading dot to fix compatibility with latest cgi gem. (#1988)
  Fix outdated Rack::Builder rdocs and remove Lobster references (#1986)
  ...
@ioquatix ioquatix mentioned this pull request Mar 15, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jeremyevans jeremyevans jeremyevans approved these changes

@casperisfine casperisfine casperisfine approved these changes

@tenderlove tenderlove Awaiting requested review from tenderlove

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

MethodOverride middleware silently eats invalid parameters.
3 participants
@ioquatix @jeremyevans @casperisfine