From 74e508b44b9cb7dfe1f2dda81de309a268ad5941 Mon Sep 17 00:00:00 2001 From: Jean byroot Boussier Date: Wed, 11 Jan 2023 11:56:00 +0100 Subject: [PATCH] Rack::MethodOverride handle QueryParser::ParamsTooDeepError (#2006) This middleware already handle two types of parsing issues but somehow not this one. Co-authored-by: Jean Boussier --- lib/rack/method_override.rb | 2 +- test/spec_method_override.rb | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/lib/rack/method_override.rb b/lib/rack/method_override.rb index 61df3fc5e..6125b1916 100644 --- a/lib/rack/method_override.rb +++ b/lib/rack/method_override.rb @@ -47,7 +47,7 @@ def allowed_methods def method_override_param(req) req.POST[METHOD_OVERRIDE_PARAM_KEY] if req.form_data? || req.parseable_data? - rescue Utils::InvalidParameterError, Utils::ParameterTypeError + rescue Utils::InvalidParameterError, Utils::ParameterTypeError, QueryParser::ParamsTooDeepError req.get_header(RACK_ERRORS).puts "Invalid or incomplete POST params" rescue EOFError req.get_header(RACK_ERRORS).puts "Bad request content body" diff --git a/test/spec_method_override.rb b/test/spec_method_override.rb index d77690f44..c1df8ed77 100644 --- a/test/spec_method_override.rb +++ b/test/spec_method_override.rb @@ -107,6 +107,13 @@ def app end it "not modify REQUEST_METHOD for POST requests when the params are unparseable" do + env = Rack::MockRequest.env_for("/", method: "POST", input: ("[a]" * 36) + "=1") + app.call env + + env["REQUEST_METHOD"].must_equal "POST" + end + + it "not modify REQUEST_METHOD for POST requests when the params are unparseable because too deep" do env = Rack::MockRequest.env_for("/", method: "POST", input: "(%bad-params%)") app.call env