From 09d54d1f626163fcc6e282544dfc9939fd3cdfd3 Mon Sep 17 00:00:00 2001
From: Eugen Rochko
Date: Thu, 2 Jan 2020 17:14:58 +0100
Subject: Fix uncaught query param encoding errors (#12741)
---
 app/middleware/handle_bad_encoding_middleware.rb | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 app/middleware/handle_bad_encoding_middleware.rb
(limited to 'app/middleware/handle_bad_encoding_middleware.rb')
diff --git a/app/middleware/handle_bad_encoding_middleware.rb b/app/middleware/handle_bad_encoding_middleware.rb
new file mode 100644
index 000000000..6fce84b15
--- /dev/null
+++ b/app/middleware/handle_bad_encoding_middleware.rb
@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+# See: https://jamescrisp.org/2018/05/28/fixing-invalid-query-parameters-invalid-encoding-in-a-rails-app/
+
+class HandleBadEncodingMiddleware
+ def initialize(app)
+ @app = app
+ end
+
+ def call(env)
+ begin
+ Rack::Utils.parse_nested_query(env['QUERY_STRING'].to_s)
+ rescue Rack::Utils::InvalidParameterError
+ env['QUERY_STRING'] = ''
+ end
+
+ @app.call(env)
+ end
+end
-- cgit
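Review bot: In `call`, the rescue branch fails open: a query string that cannot be parsed is overwritten with `''` and the request goes on to `@app.call(env)`, so it is handled as if it carried no parameters, and nothing is logged. Rejecting it is the safer default, e.g. `return [400, { 'Content-Type' => 'text/plain' }, ['Bad Request']]` in the rescue branch, or at least a log line before blanking so malformed probes stay visible to operators. Only `QUERY_STRING` is rewritten, so any downstream code that reads the raw URI from another env key would presumably still see the undecodable bytes. Only `Rack::Utils::InvalidParameterError` is rescued; whether `Rack::Utils::ParameterTypeError` from the same parse is handled further down the stack is not visible from this hunk and is worth confirming.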