This project is archived and is in readonly mode.

#5873 new
Rob Anderton

Fix broken Rack params parser in Rails >= 2.3.6

Reported by Rob Anderton | October 27th, 2010 @ 11:56 PM

Since this change in May that was part of the 2.3.6 release, Rails has been dependent on the Rack 1.1 gem.

Unfortunately, this version of Rack does bad things to query strings containing quotes, which at best leads to them being stripped out of the params hash values and at worst leads to values being silently truncated.

I first had a look at this problem a few months back and, as it's not been fixed in the meantime, have now had a chance to work on a patch which I think uses the best approach to fixing it: monkey-patching the broken code in Rack.

I appreciate we'd normally want to steer clear of monkey-patching in favour of using the fixed version of the gem, but this isn't really an option as Rack is broken in more ways than one:

Rolling back to Rack 1.0.1 also proves problematic as other parts of Rails 2.3 have been changed to work with the 1.1 release.

So to summarise the attached patch:

  • it adds a monkey-patch for the broken parsing methods in Rack::Utils using a similar pattern to the Rack::Lint patch that had been added previously

  • it removes the Rack::Lint patch as it no longer applies to Rack 1.1.0

  • and on a completely unrelated issue it tweaks a template to prevent annoying parentheses warnings when running the tests


Tickets have moved to Github

The new ticket tracker is available at https://github.com/rails/rails/issues
