From 6d22b1f738cef1ea5dfdf0a3630ac16fe1c00b37 Mon Sep 17 00:00:00 2001 From: Jeremy Stanley Date: Fri, 20 Dec 2013 18:20:43 -0700 Subject: [PATCH] fix "invalid byte sequence in US-ASCII" in topic attachment test plan: - create a new discussion - attach a non-ASCII file - save the discussion - it shouldn't explode Change-Id: I9ada9dbf2bf25e63baab22f6117171436d4808c6 Reviewed-on: https://gerrit.instructure.com/27832 Tested-by: Jenkins QA-Review: Matt Fairbourn Reviewed-by: Bracken Mosbacker Product-Review: Bracken Mosbacker --- config/initializers/rack.rb | 2 + spec/fixtures/multipart-request | 86 +++++++++++++++++++++++++++++++++ spec/initializers/rack_spec.rb | 9 ++++ 3 files changed, 97 insertions(+) create mode 100644 spec/fixtures/multipart-request diff --git a/config/initializers/rack.rb b/config/initializers/rack.rb index a2cd88fa5ec..8a86af381a6 100644 --- a/config/initializers/rack.rb +++ b/config/initializers/rack.rb @@ -1,3 +1,5 @@ +#encoding:ASCII-8BIT + Rack::Utils.key_space_limit = 128.kilobytes # default is 64KB if CANVAS_RAILS2 diff --git a/spec/fixtures/multipart-request b/spec/fixtures/multipart-request new file mode 100644 index 00000000000..630a430ba54 --- /dev/null +++ b/spec/fixtures/multipart-request @@ -0,0 +1,86 @@ +------WebKitFormBoundary2raDSu0SsqTAphBU +Content-Disposition: form-data; name="reply_count_tooltip[other]" + +%{count} replies +------WebKitFormBoundary2raDSu0SsqTAphBU +Content-Disposition: form-data; name="reply_count_tooltip[one]" + +1 reply +------WebKitFormBoundary2raDSu0SsqTAphBU +Content-Disposition: form-data; name="reply_count_tooltip[zero]" + +No replies +------WebKitFormBoundary2raDSu0SsqTAphBU +Content-Disposition: form-data; name="unread_count_tooltip[other]" + +%{count} unread replies +------WebKitFormBoundary2raDSu0SsqTAphBU +Content-Disposition: form-data; name="unread_count_tooltip[one]" + +1 unread reply +------WebKitFormBoundary2raDSu0SsqTAphBU +Content-Disposition: form-data; name="unread_count_tooltip[zero]" + +No unread replies +------WebKitFormBoundary2raDSu0SsqTAphBU +Content-Disposition: form-data; name="summary" + +blah +------WebKitFormBoundary2raDSu0SsqTAphBU +Content-Disposition: form-data; name="threaded" + +0 +------WebKitFormBoundary2raDSu0SsqTAphBU +Content-Disposition: form-data; name="attachment"; filename="test.txt" +Content-Type: text/plain + +blah blah bláh <- non-ascii is important here :P +------WebKitFormBoundary2raDSu0SsqTAphBU +Content-Disposition: form-data; name="message" + +

blah

+------WebKitFormBoundary2raDSu0SsqTAphBU +Content-Disposition: form-data; name="title" + +test thing +------WebKitFormBoundary2raDSu0SsqTAphBU +Content-Disposition: form-data; name="set_assignment" + +false +------WebKitFormBoundary2raDSu0SsqTAphBU +Content-Disposition: form-data; name="user_can_see_posts" + +true +------WebKitFormBoundary2raDSu0SsqTAphBU +Content-Disposition: form-data; name="subscribed" + +false +------WebKitFormBoundary2raDSu0SsqTAphBU +Content-Disposition: form-data; name="require_initial_post" + +0 +------WebKitFormBoundary2raDSu0SsqTAphBU +Content-Disposition: form-data; name="podcast_has_student_posts" + +false +------WebKitFormBoundary2raDSu0SsqTAphBU +Content-Disposition: form-data; name="podcast_enabled" + +0 +------WebKitFormBoundary2raDSu0SsqTAphBU +Content-Disposition: form-data; name="discussion_type" + +side_comment +------WebKitFormBoundary2raDSu0SsqTAphBU +Content-Disposition: form-data; name="is_announcement" + +false +------WebKitFormBoundary2raDSu0SsqTAphBU +Content-Disposition: form-data; name="_method" + +POST +------WebKitFormBoundary2raDSu0SsqTAphBU +Content-Disposition: form-data; name="authenticity_token" + +11PqRxNnjVRnG6zc6m5aLh+t/ahMI9V1KSGKPprHfibFmldZQPsmhZhPK1vDoc3h1nK0F1XcqSlvRBwHDHXsxQ== +------WebKitFormBoundary2raDSu0SsqTAphBU-- diff --git a/spec/initializers/rack_spec.rb b/spec/initializers/rack_spec.rb index 9f078e81fdf..5172911c8df 100644 --- a/spec/initializers/rack_spec.rb +++ b/spec/initializers/rack_spec.rb @@ -28,5 +28,14 @@ this one really is a file params["file"][:filename].should eql "filename.frd" params["file"][:tempfile].read.should eql "this one really is a file" end + + it "should not explode with a non-ASCII file attachment" do + request_file = File.open( File.expand_path('../fixtures/multipart-request', File.dirname(__FILE__)) ) + env = { 'CONTENT_TYPE' => 'multipart/form-data; boundary=----WebKitFormBoundary2raDSu0SsqTAphBU', + 'CONTENT_LENGTH' => request_file.size, + 'rack.input' => request_file + } + lambda { Rack::Utils::Multipart.parse_multipart(env) }.should_not raise_error + end end end