-rw-r--r-- | Gemfile | 1 | ||||
-rw-r--r-- | Gemfile.lock | 5 | ||||
-rw-r--r-- | config/application.rb | 4 | ||||
-rw-r--r-- | spec/integration/errors_spec.rb | 14 |
4 files changed, 16 insertions, 8 deletions
@@ -19,6 +19,7 @@ gem 'memcache-client'
 gem 'net-http-local', :platforms => [:ruby_18, :ruby_19]
 gem 'net-purge'
 gem 'rack'
+gem 'rack-utf8_sanitizer', :platforms => [:ruby_19, :ruby_20, :ruby_21]
 gem 'rake', '0.9.2.2'
 gem 'rails-i18n'
 gem 'recaptcha', '~> 0.3.1', :require => 'recaptcha/rails'
diff --git a/Gemfile.lock b/Gemfile.lock
index 1ba35fdfc..ca813eb1a 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -180,6 +180,10 @@ GEM rack rack-test (0.6.2) rack (>= 1.0) + rack-utf8_sanitizer (1.2.3) + bundler (~> 1.0) + rack (~> 1.0) + railties (= 3.2.21) rails (3.2.21) actionmailer (= 3.2.21) actionpack (= 3.2.21)
@@ -320,6 +324,7 @@ DEPENDENCIES pg quiet_assets rack + rack-utf8_sanitizer rails (= 3.2.21) rails-i18n rake (= 0.9.2.2)
diff --git a/config/application.rb b/config/application.rb
index ed4f07819..ff72df015 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -74,6 +74,10 @@ module Alaveteli
 ENV['RECAPTCHA_PUBLIC_KEY'] = ::AlaveteliConfiguration::recaptcha_public_key
 ENV['RECAPTCHA_PRIVATE_KEY'] = ::AlaveteliConfiguration::recaptcha_private_key
+ if RUBY_VERSION.to_f >= 1.9
+ config.middleware.insert 0, Rack::UTF8Sanitizer
+ end
+
 # Insert a bit of middleware code to prevent uneeded cookie setting.
 require "#{Rails.root}/lib/whatdotheyknow/strip_empty_sessions"
 config.middleware.insert_before ::ActionDispatch::Cookies, WhatDoTheyKnow::StripEmptySessions, :key => '_wdtk_cookie_session', :path => "/", :httponly => true
diff --git a/spec/integration/errors_spec.rb b/spec/integration/errors_spec.rb
index 532576bb9..110626058 100644
--- a/spec/integration/errors_spec.rb
+++ b/spec/integration/errors_spec.rb
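Review bot: The `:platforms` list on the new `rack-utf8_sanitizer` line stops at `:ruby_21`, while the guard added in config/application.rb is `RUBY_VERSION.to_f >= 1.9`, so on any later Ruby Bundler would skip the gem and the `Rack::UTF8Sanitizer` reference would presumably raise a NameError at boot. The two conditions should be kept in step, for example by guarding the middleware with `if defined?(Rack::UTF8Sanitizer)`. The Gemfile line also has no version constraint, so the sanitizer version is fixed only by Gemfile.lock (1.2.3); a constraint such as `'~> 1.2'` would make the intended range explicit.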
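Review bot: The `config.middleware.insert 0, Rack::UTF8Sanitizer` call has no comment explaining why it must sit at the very front of the stack, although the StripEmptySessions insertion just below it is commented. A line such as `# Sanitize invalid UTF-8 in the request before any other middleware reads the path or parameters.` would keep a later reordering from moving it behind code that parses request data. The spec re-enabled in this commit only requests `/%d3`, so query-string and form-body input with invalid bytes stays untested as far as this page shows. The enclosing `module Alaveteli` block begins and ends outside the hunk.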
@@ -61,14 +61,12 @@ describe "When errors occur" do
 response.body.should match("Sorry, we couldn't find that page")
 end
- # it 'should handle non utf-8 parameters' do
- # pending 'until we sanitize non utf-8 parameters for Ruby >= 1.9' do
- # get ('/%d3')
- # response.should render_template('general/exception_caught')
- # response.code.should == '404'
- # response.body.should match("Sorry, we couldn't find that page")
- # end
- # end
+ it 'should handle non utf-8 parameters' do
+ get ('/%d3')
+ response.should render_template('general/exception_caught')
+ response.code.should == '404'
+ response.body.should match("Sorry, we couldn't find that page")
+ end
 it "should render a 500 for general errors using the general/exception_caught template" do |