Skip params with empty names, such as the &=Save query string from <input type=submit/>. Closes #2569.

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@5094 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2026-04-04 03:00:58 -04:00 · 2006-09-12 20:57:09 +00:00
parent 74f60c032e
commit 7661c2b50a
3 changed files with 15 additions and 3 deletions
--- a/actionpack/CHANGELOG
+++ b/actionpack/CHANGELOG
@@ -1,5 +1,7 @@
 *SVN*

+* Skip params with empty names, such as the &=Save query string from <input type="submit"/>.  #2569 [manfred, raphinou@yahoo.com]
+
 * Fix assert_tag so that :content => "foo" does not match substrings, but only exact strings. Use :content => /foo/ to match substrings. #2799 [Eric Hodel]

 * Add descriptive messages to the exceptions thrown by cgi_methods. #6091, #6103 [Nicholas Seckar, Bob Silva]
--- a/actionpack/lib/action_controller/cgi_ext/cgi_methods.rb
+++ b/actionpack/lib/action_controller/cgi_ext/cgi_methods.rb
@@ -11,6 +11,7 @@ class CGIMethods #:nodoc:
      pairs = query_string.split('&').collect do |chunk|
        next if chunk.empty?
        key, value = chunk.split('=', 2)
+        next if key.empty?
        value = (value.nil? || value.empty?) ? nil : CGI.unescape(value)
        [ key, value ]
      end.compact
@@ -26,7 +27,7 @@ class CGIMethods #:nodoc:
      until finished
        finished = true
        for key, value in params
-          next unless key
+          next if key.blank?
          if !key.include?('[')
            # much faster to test for the most common case first (GET)
            # and avoid the call to build_deep_hash
--- a/actionpack/test/controller/cgi_test.rb
+++ b/actionpack/test/controller/cgi_test.rb
@@ -16,7 +16,8 @@ class CGITest < Test::Unit::TestCase
    @query_string_with_many_equal = "action=create_customer&full_name=abc=def=ghi"
    @query_string_without_equal = "action"
    @query_string_with_many_ampersands =
-      "&action=create_customer&&&full_name=David%20Heinemeier%20Hansson"    
+      "&action=create_customer&&&full_name=David%20Heinemeier%20Hansson"
+    @query_string_with_empty_key = "action=create_customer&full_name=David%20Heinemeier%20Hansson&=Save"
  end

  def test_query_string
@@ -99,6 +100,13 @@ class CGITest < Test::Unit::TestCase
      CGIMethods.parse_query_parameters(@query_string_without_equal)
    )    
  end
+  
+  def test_query_string_with_empty_key
+    assert_equal(
+      { "action" => "create_customer", "full_name" => "David Heinemeier Hansson" },
+      CGIMethods.parse_query_parameters(@query_string_with_empty_key)
+    )
+  end

  def test_query_string_with_many_ampersands
    assert_equal(
@@ -117,7 +125,8 @@ class CGITest < Test::Unit::TestCase
      "something_nil" => [ nil ],
      "something_empty" => [ "" ],
      "products[first]" => [ "Apple Computer" ],
-      "products[second]" => [ "Pc" ]
+      "products[second]" => [ "Pc" ],
+      "" => [ 'Save' ]
    }
    
    expected_output =  {