Skip to content

Commit c0f9de4

Browse files
casperisfinebyroot
casperisfine
and
byroot
authored
Rack::MethodOverride handle QueryParser::ParamsTooDeepError (#2011)
This middleware already handle two types of parsing issues but somehow not this one. Co-authored-by: Jean Boussier <jean.boussier@gmail.com>
1 parent 8312a2f commit c0f9de4

2 files changed

Lines changed: 8 additions & 1 deletion

File tree

lib/rack/method_override.rb

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -43,7 +43,7 @@ def allowed_methods
4343

4444
def method_override_param(req)
4545
req.POST[METHOD_OVERRIDE_PARAM_KEY]
46-
rescue Utils::InvalidParameterError, Utils::ParameterTypeError
46+
rescue Utils::InvalidParameterError, Utils::ParameterTypeError, QueryParser::ParamsTooDeepError
4747
req.get_header(RACK_ERRORS).puts "Invalid or incomplete POST params"
4848
rescue EOFError
4949
req.get_header(RACK_ERRORS).puts "Bad request content body"

test/spec_method_override.rb

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -100,6 +100,13 @@ def app
100100
env[Rack::RACK_ERRORS].read.must_match /Bad request content body/
101101
end
102102

103+
it "not modify REQUEST_METHOD for POST requests when the params are unparseable because too deep" do
104+
env = Rack::MockRequest.env_for("/", method: "POST", input: ("[a]" * 36) + "=1")
105+
app.call env
106+
107+
env["REQUEST_METHOD"].must_equal "POST"
108+
end
109+
103110
it "not modify REQUEST_METHOD for POST requests when the params are unparseable" do
104111
env = Rack::MockRequest.env_for("/", method: "POST", input: "(%bad-params%)")
105112
app.call env

0 commit comments

Comments
 (0)