From ee2d0f30b7699248c2ace02c12ce7223102b6077 Mon Sep 17 00:00:00 2001 From: Gareth Rees Date: Thu, 27 Mar 2014 16:53:09 +0000 Subject: URL Encode the path parameter for render_exception MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If a request is made and path is something like /%d3 we rescue this with a custom 404 template. This gets unescaped as {"path"=>"\323"}. In the case of a RouteNotFound, ApplicationController#render_exception renders the general/exception_caught template in to the default layout, which renders the general/_locale_switcher partial. This partial calls url_for – sending the full params hash as the argument – so that a user may return to the existing page in their chosen locale. The problem is that url_for tries to construct the url with the hash {:action=>"not_found", :controller=>"general", :path=>"\323"}. ApplicationController#sanitize_params re-encodes the path parameter so that it can be passed through to url_for without trouble. --- spec/integration/errors_spec.rb | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'spec/integration/errors_spec.rb') diff --git a/spec/integration/errors_spec.rb b/spec/integration/errors_spec.rb index 17a0153c2..3ff3edb53 100644 --- a/spec/integration/errors_spec.rb +++ b/spec/integration/errors_spec.rb @@ -54,6 +54,13 @@ describe "When errors occur" do end end + it 'should url encode params' do + get ('/%d3') + response.should render_template('general/exception_caught') + response.code.should == '404' + response.body.should match("Sorry, we couldn't find that page") + end + it "should render a 500 for general errors using the general/exception_caught template" do InfoRequest.stub!(:find_by_url_title!).and_raise("An example error") get("/request/example") -- cgit v1.2.3