Remove bad encoding middleware (#12931)

Revert #12741
master
Eugen Rochko 5 years ago committed by GitHub
parent 105f83fc1e
commit dee853f23c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 18
      app/middleware/handle_bad_encoding_middleware.rb
  2. 2
      config/application.rb
  3. 21
      spec/middleware/handle_bad_encoding_middleware_spec.rb

@ -1,18 +0,0 @@
# frozen_string_literal: true
# See: https://jamescrisp.org/2018/05/28/fixing-invalid-query-parameters-invalid-encoding-in-a-rails-app/
class HandleBadEncodingMiddleware
def initialize(app)
@app = app
end
def call(env)
begin
Rack::Utils.parse_nested_query(env['QUERY_STRING'].to_s)
rescue Rack::Utils::InvalidParameterError
env['QUERY_STRING'] = ''
end
@app.call(env)
end
end

@ -7,7 +7,6 @@ require 'rails/all'
Bundler.require(*Rails.groups) Bundler.require(*Rails.groups)
require_relative '../app/lib/exceptions' require_relative '../app/lib/exceptions'
require_relative '../app/middleware/handle_bad_encoding_middleware'
require_relative '../lib/paperclip/lazy_thumbnail' require_relative '../lib/paperclip/lazy_thumbnail'
require_relative '../lib/paperclip/gif_transcoder' require_relative '../lib/paperclip/gif_transcoder'
require_relative '../lib/paperclip/video_transcoder' require_relative '../lib/paperclip/video_transcoder'
@ -120,7 +119,6 @@ module Mastodon
config.active_job.queue_adapter = :sidekiq config.active_job.queue_adapter = :sidekiq
config.middleware.insert_before Rack::Runtime, HandleBadEncodingMiddleware
config.middleware.use Rack::Attack config.middleware.use Rack::Attack
config.middleware.use Rack::Deflater config.middleware.use Rack::Deflater

@ -1,21 +0,0 @@
require 'rails_helper'
RSpec.describe HandleBadEncodingMiddleware do
let(:app) { double() }
let(:middleware) { HandleBadEncodingMiddleware.new(app) }
it "request with query string is unchanged" do
expect(app).to receive(:call).with("PATH" => "/some/path", "QUERY_STRING" => "name=fred")
middleware.call("PATH" => "/some/path", "QUERY_STRING" => "name=fred")
end
it "request with no query string is unchanged" do
expect(app).to receive(:call).with("PATH" => "/some/path")
middleware.call("PATH" => "/some/path")
end
it "request with invalid encoding in query string drops query string" do
expect(app).to receive(:call).with("QUERY_STRING" => "", "PATH" => "/some/path")
middleware.call("QUERY_STRING" => "q=%2Fsearch%2Fall%Forder%3Ddescending%26page%3D5%26sort%3Dcreated_at", "PATH" => "/some/path")
end
end
Loading…
Cancel
Save