Textarea input silently truncated in 2.3.8!
Reported by Steve Purcell | June 9th, 2010 @ 10:34 AM | in 2.3.10
Certain textarea inputs are improperly truncated before being placed in 'params', so that apps do not see the full text submitted.
How to reproduce:
- Unzip attached sample rails app (generated with "rails" script from 2.3.8)
- script/server
- Go to http://localhost:3000/things/new
- Open the attached "Dizzy.rtf" file in TextEdit (I haven't been able to test this on non-Macs), select all, copy, and then paste into the textarea on the above page
- Click save
Note the value of 'text' in the deliberately-thrown error: it contains just the final paragraph of the text, where it should contain the full text.
In Rails 2.3.5, all the text is placed in 'params', even with the same Rack version.
Comments and changes to this ticket
-
Steve Purcell June 9th, 2010 @ 10:47 AM
- Tag changed from 2.3.8 actionpack params to 2.3.8, actionpack, params
-
José Valim June 22nd, 2010 @ 04:12 PM
Steve, can you reproduce it in the Rails test suite? It makes it much easier for us to investigate.
-
Steve Purcell June 22nd, 2010 @ 09:54 PM
Okay, a patch providing a test case is attached, together with a dump of the original raw request (which came from Chrome on Mac, though the same problem is evident with Safari).
-
Steve Purcell June 22nd, 2010 @ 09:56 PM
The problem, incidentally, seems related to the url-encoded quote marks in the string.
-
Neeraj Singh June 22nd, 2010 @ 10:20 PM
Previous version of Rack used to remove quotes if there is no line break.
It was recently changed after much debate on rack mailing list. http://github.com/rack/rack/commit/dae12e088592ee69545b5f2f81b87f49...
-
Steve Purcell June 22nd, 2010 @ 10:30 PM
Re: the Rack changes -- wow, I'm amazed there was any debate; it seems like removing parts of the submitted text would obviously be a bad idea.
But is this a Rack issue? Does the code covered by this patched test ask the Rack stack to parse the URL-encoded params? Or is this parsing Rails-specific? It would be odd to test Rack in a Rails test.
And if so, I have a question: submitting the sample text to the same test app running under Rails 2.3.5 on the same machine did not cause the problem. Does this mean the two Rails versions were picking up different Rack gems (I have 1.2.1, 1.1.0 and 1.0.1 installed)? And if the problem was an old Rack gem, why would the newer Rails version (2.3.8) show this problem?
-
Neeraj Singh June 22nd, 2010 @ 11:33 PM
I did not notice that it was a 2.3.x issue. I am not sure if Rails 2.3.8 uses Rack for parsing params.
There was another ticket regarding rails edge in which text area having "hello world" will have quotes removed. However "hello \n world" would have quotes preserved. That issue got fixed by that rack commit.
-
Steve Purcell June 23rd, 2010 @ 08:18 AM
Rails 2.3.8 indeed appears to require the broken Rack version 1.1.0, whereas 2.3.5 required Rack 1.0.1, so I guess we can assume that this regression is due to the new dependency on a broken Rack.
That's a pity.
-
Subba July 16th, 2010 @ 08:33 PM
- Assigned user set to Neeraj Singh
- Importance changed from to Low
-
Neeraj Singh July 16th, 2010 @ 08:38 PM
- Assigned user changed from Neeraj Singh to Jeremy Kemper
I am not sure if rails 2.3.9 will use the upgraded version of Rack. If it does then this problem will be solved.
-
Steve Purcell July 16th, 2010 @ 08:54 PM
Yeah, I hope so -- as it stands, I've already decided that 2.3.8 isn't safe for production use, since certain user input will get silently truncated, and there's no workaround. Shame that Rails should be compromised by this silly Rack issue.
-
andreas July 27th, 2010 @ 08:42 PM
- Tag changed from 2.3.8, actionpack, params to 2.3.8, 2.3.9, actionpack, params
Can we please get Rails 2.3.9 to use the fixed Rack version?
-
Jeremy Kemper August 30th, 2010 @ 05:35 AM
- Milestone set to 2.3.10
- State changed from new to incomplete
Pending patch and test.
-
tvdeyen September 1st, 2010 @ 12:40 PM
+1 from me. Have to go back to 2.3.5 for my App now. Then quotes are submitted correctly.
-
Steve Purcell September 7th, 2010 @ 11:14 AM
Confirmed still present in 2.3.9.
I had a go at bumping the Rack version to 1.2.1, but a whole bunch of tests break then.
-
Phil Ross September 7th, 2010 @ 10:46 PM
I've been using the attached initializer to fix this issue with Rails 2.3.8 and 2.3.9. It replaces the parse_query and normalize_params methods in Rack::Utils with fixed versions (the code is from Rack 1.1.0 with the patch from http://github.com/rack/rack/commit/dae12e088592ee69545b5f2f81b87f49... applied).
-
Roel van der Hoorn December 13th, 2010 @ 09:41 PM
+1
Nasty bug. Patch works well for me (Rails 2.3.10).
-
Roel van der Hoorn December 22nd, 2010 @ 12:40 PM
For those who also ran into this bug: http://groups.google.com/group/rack-devel/browse_thread/thread/5876... you may want to use the attached updated patch, which applies the following two commits:
http://github.com/rack/rack/commit/c028a23b36debbce1005347d4234fe6e...
http://github.com/rack/rack/commit/55cbbc91ae0a03445dd9e0ba1830f70f...
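The symptoms reported in this thread (quotes stripped from "hello world", quotes kept when the value contains a line break, and only a quoted final paragraph surviving) can be reproduced with a small round-trip check. This is an added example, not code from the ticket, its attachments, or Rack; `lossy_value`, `parse_form` and `mangled_samples` are hypothetical names, and the line-anchored unquoting rule is an assumed model of the behaviour described above.

```ruby
require 'uri'

# Hypothetical model of the lossy behaviour described in this thread; not Rack's source.
# Assumption: a value that looks quoted is "unquoted" with a pattern whose
# ^ and $ anchors match at every line boundary (Ruby semantics), not only
# at the start and end of the whole string.
LOSSY_QUOTED = /^("|')(.*)\1$/

def lossy_value(v)
  v =~ LOSSY_QUOTED ? $2.gsub('\\' + $1, $1) : v
end

# Minimal urlencoded body parser (flat keys only). An optional block
# decides what happens to each decoded value; without one, values are
# returned exactly as submitted.
def parse_form(body)
  body.split('&').each_with_object({}) do |pair, params|
    k, v = pair.split('=', 2).map { |s| URI.decode_www_form_component(s.to_s) }
    params[k] = block_given? ? yield(v) : v
  end
end

# Round-trip check: encode each sample as a form post, parse it, and
# return the samples that did not come back byte-for-byte.
def mangled_samples(samples, &transform)
  samples.reject do |text|
    body = URI.encode_www_form('text' => text)
    parse_form(body, &transform)['text'] == text
  end
end

# Constructed sample inputs.
SAMPLES = [
  'plain text',
  '"hello world"',
  "\"hello \n world\"",
  "First paragraph.\r\n\r\n\"A quoted closing paragraph.\""
].freeze

if __FILE__ == $0
  mangled_samples(SAMPLES) { |v| lossy_value(v) }.each do |t|
    puts "mangled: #{t.inspect} -> #{lossy_value(t).inspect}"
  end
  puts "faithful parser mangles #{mangled_samples(SAMPLES).size} samples"
end
```

The same `mangled_samples` check can be pointed at a real parameter parser by passing its output through the block, which makes a useful regression test before and after applying a patched initializer.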