lib/rack/sanitizer.rb in rack-sanitizer-2.0.0 vs lib/rack/sanitizer.rb in rack-sanitizer-2.0.2
@@ -3,12 +3,10 @@
require "uri"
require "stringio"
module Rack
class Sanitizer
- BAD_REQUEST = [400, { "Content-Type" => "text/plain" }, ["Bad Request"]]
-
# options[:sanitizable_content_types] Array
# options[:additional_content_types] Array
def initialize(app, options={})
@app = app
@strategy = build_strategy(options)
@@ -19,11 +17,11 @@
def call(env)
env = sanitize(env)
begin
@app.call(env)
rescue SanitizedRackInput::FailedToReadBody
- return BAD_REQUEST
+ return [400, { "Content-Type" => "text/plain" }, ["Bad Request"]]
end
end
DEFAULT_STRATEGIES = {
replace: lambda do |input|
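Review bot: The inlined response at `return [400, { "Content-Type" => "text/plain" }, ["Bad Request"]]` is missing a comment recording why a fresh array and hash are now built on every call rather than reused from the constant the previous version had; without it a later maintainer is likely to hoist the literal back into a constant. A one-line comment such as `# build a new response per request so no mutable array/hash is shared across calls` would preserve the intent, assuming shared state is the reason for the change. As a style point, the `return` inside the `rescue` branch is redundant, since the rescued expression is already the value of the method. If the gem also targets Rack 3, the header key would need to be lowercase (`"content-type"`) to pass Rack::Lint; the supported Rack version is not visible in this hunk, so that should be checked against the gemspec.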
@@ -98,12 +96,17 @@
def sanitize_rack_input(env)
# https://github.com/rack/rack/blob/master/lib/rack/request.rb#L42
# Logic borrowed from Rack::Request#media_type,#media_type_params,#content_charset
# Ignoring charset in content type.
- content_type = env['CONTENT_TYPE']
- content_type &&= content_type.split(/\s*[;,]\s*/, 2).first
- content_type &&= content_type.downcase
+ if content_type = env['CONTENT_TYPE']
+ content_type = content_type.split(/[;,]/, 2).first
+ if content_type
+ content_type.strip!
+ content_type.downcase!
+ end
+ end
+
return unless @sanitizable_content_types.include?(content_type)
uri_encoded = URI_ENCODED_CONTENT_TYPES.include?(content_type)
if env['rack.input']
env['rack.input'] = SanitizedRackInput.new(