+++ /dev/null
-# frozen_string_literal: true
-# See: https://jamescrisp.org/2018/05/28/fixing-invalid-query-parameters-invalid-encoding-in-a-rails-app/
-
-class HandleBadEncodingMiddleware
- def initialize(app)
- @app = app
- end
-
- def call(env)
- begin
- Rack::Utils.parse_nested_query(env['QUERY_STRING'].to_s)
- rescue Rack::Utils::InvalidParameterError
- env['QUERY_STRING'] = ''
- end
-
- @app.call(env)
- end
-end
Bundler.require(*Rails.groups)
require_relative '../app/lib/exceptions'
-require_relative '../app/middleware/handle_bad_encoding_middleware'
require_relative '../lib/paperclip/lazy_thumbnail'
require_relative '../lib/paperclip/gif_transcoder'
require_relative '../lib/paperclip/video_transcoder'
config.active_job.queue_adapter = :sidekiq
- config.middleware.insert_before Rack::Runtime, HandleBadEncodingMiddleware
config.middleware.use Rack::Attack
config.middleware.use Rack::Deflater
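Review bot: After this hunk nothing ahead of `Rack::Attack` rescues `Rack::Utils::InvalidParameterError`, so a query string with malformed percent-encoding now travels the whole stack as sent instead of being blanked. The commit does not show what takes over that handling; if it relies on the framework answering such requests with a 400, that should be pinned by a request spec reusing the malformed query string from the deleted spec, which was the only visible coverage for this input. Any `Rack::Attack` rule that reads `req.params` would presumably parse the same query string, so check that it cannot turn such a request into an unhandled exception (a 500 and noisy error reports rather than a clean rejection). A comment above the middleware lines such as `# malformed query encoding is rejected downstream with 400; no custom middleware needed` would record the intent once that is confirmed.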
+++ /dev/null
-require 'rails_helper'
-
-RSpec.describe HandleBadEncodingMiddleware do
- let(:app) { double() }
- let(:middleware) { HandleBadEncodingMiddleware.new(app) }
-
- it "request with query string is unchanged" do
- expect(app).to receive(:call).with("PATH" => "/some/path", "QUERY_STRING" => "name=fred")
- middleware.call("PATH" => "/some/path", "QUERY_STRING" => "name=fred")
- end
-
- it "request with no query string is unchanged" do
- expect(app).to receive(:call).with("PATH" => "/some/path")
- middleware.call("PATH" => "/some/path")
- end
-
- it "request with invalid encoding in query string drops query string" do
- expect(app).to receive(:call).with("QUERY_STRING" => "", "PATH" => "/some/path")
- middleware.call("QUERY_STRING" => "q=%2Fsearch%2Fall%Forder%3Ddescending%26page%3D5%26sort%3Dcreated_at", "PATH" => "/some/path")
- end
-end