Bug #8612
closed
nil in ERB::Util.url_encode
Description
=begin
We hit a bug while using Rails and trying to URL encode an ActiveSupport::SafeBuffer. I have managed to reproduce it using a small test case for Ruby 1.9.3 and Ruby 2.0.0 (both attached) that shows a minimum set of requirements to trigger the bug. The issue seems to be fixed in trunk (2.1) but I couldn't find the relevant commit(s).
To reproduce:
  require 'erb'

  class MyString < String
    def to_s
      self
    end

    def gsub(*args, &block)
      to_str.gsub(*args, &block)
    end
  end

  string = "\xCE\x94\xCE\xBF\xCE\xBA\xCE\xB9\xCE\xBC\xCE\xAE".force_encoding("UTF-8")
  ERB::Util.u(MyString.new(string))
Expected outcome:
The URL encoding should work and it should encode the characters properly (according to the spec).
Actual outcome:
  NoMethodError: undefined method `unpack' for nil:NilClass
  /Users/fotos/Playground/OpenSource/ruby/lib/erb.rb:952:in `block in url_encode'
  /Users/fotos/Playground/OpenSource/ruby/test/erb/test_erb.rb:71:in `gsub'
  /Users/fotos/Playground/OpenSource/ruby/test/erb/test_erb.rb:71:in `gsub'
  /Users/fotos/Playground/OpenSource/ruby/lib/erb.rb:951:in `url_encode'
  /Users/fotos/Playground/OpenSource/ruby/test/erb/test_erb.rb:491:in `test_url_encode_string_subclass'
Using
Workaround:
Yielding the match and using it instead of $& (last match) seems to work properly as demonstrated in the patch.
Thanks
PS. Some credits go out to Aggelos Orfanakos (@agorf) for triggering the bug! :-)
=end
Updated by zzak (zzak _) over 11 years ago
- Category set to lib
- Status changed from Open to Assigned
- Assignee set to seki (Masatoshi Seki)
Updated by fotos (Fotos Georgiadis) over 11 years ago
- File ruby_1_9_3_cgi_escape_issue.patch added
- File ruby_2_0_0_cgi_escape_issue.patch added
=begin
The same issue exists in (({CGI::escape})). Internally it calls (({$1.bytesize})) and (({$1})) is (({nil})).
For example calling:
  CGI::escape(ActiveSupport::SafeBuffer.new('é'))
results in:
  NoMethodError: undefined method `bytesize' for nil:NilClass
  from ruby-1.9.3-p194/lib/ruby/1.9.1/cgi/util.rb:8:in `block in escape'
I didn't test this with the latest stable versions of 1.9 or 2.0 but looking at the code it appears to be the same issue (global variables (({$1})), (({$2})), (({$`})), (({$&})), and (({$'})) appear to be (({nil}))). Yielding and using the match in gsub also solves the problem.
Thanks
=end
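The behaviour described in the two reports above, as an added example that is not part of the original thread or of Ruby's own source: when `gsub` is wrapped by a Ruby-level method, `String#gsub` records `$~` in the wrapper's frame, so the caller's block sees `nil` in `$&` while the yielded match is still correct. `WrappedString`, `observe` and both encoders are hypothetical names; the encoders are simplified stand-ins for a `url_encode`-style routine.

```ruby
# Added illustration, not code from the report or from Ruby's lib/erb.rb.
# WrappedString, observe and both encoders are hypothetical names.
class WrappedString < String
  def to_s
    self
  end

  # Ruby-level wrapper as in the report. String#gsub now runs inside this
  # method, so it records $~ (and $&, $1, ...) in this frame only.
  def gsub(*args, &block)
    to_str.gsub(*args, &block)
  end
end

# Constructed sample: the UTF-8 bytes used in the report.
SAMPLE = "\xCE\x94\xCE\xBF\xCE\xBA\xCE\xB9\xCE\xBC\xCE\xAE"
RESERVED = /[^a-zA-Z0-9_\-.]/n

# Returns [$&, yielded match] pairs as seen from inside the caller's block.
def observe(s)
  seen = []
  s.gsub(/b/) { |m| seen << [$&, m]; m }
  seen
end

# Simplified stand-in for an encoder that reads the match from $&.
def encode_with_last_match(s)
  s.to_s.dup.force_encoding("ASCII-8BIT").gsub(RESERVED) do
    sprintf("%%%02X", $&.unpack("C")[0])
  end
end

# Same encoder using the match yielded to the block (the workaround).
def encode_with_block_arg(s)
  s.to_s.dup.force_encoding("ASCII-8BIT").gsub(RESERVED) do |m|
    sprintf("%%%02X", m.unpack("C")[0])
  end
end

if __FILE__ == $0
  p observe("abc")
  p observe(WrappedString.new("abc"))
  puts encode_with_block_arg(WrappedString.new(SAMPLE))
  begin
    encode_with_last_match(WrappedString.new(SAMPLE))
  rescue NoMethodError => e
    puts "last-match encoder failed: #{e.class}"
  end
end
```

A block that tolerates `nil` (for example by interpolating `$&` into a string) would not raise here; it would drop the matched bytes from the output instead of encoding them, which is harder to notice than the `NoMethodError`.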
Updated by xibbar (Takeyuki FUJIOKA) over 11 years ago
- Assignee changed from seki (Masatoshi Seki) to xibbar (Takeyuki FUJIOKA)
seki leaves this to xibbar.
Updated by xibbar (Takeyuki FUJIOKA) over 11 years ago
- Status changed from Assigned to Rejected
This is not a bug, because an implemented string class is not supported.
But I think this proposal is good.
I will merge it to trunk.
Thank you.
Updated by fotos (Fotos Georgiadis) over 11 years ago
xibbar (Takeyuki FUJIOKA) wrote:
> Thank you.
Thank you for merging this.
Updated by islamazab (Islam Azab) almost 10 years ago
Is this fixed in Ruby 2.0.0 ruby 2.0.0p451 (2014-02-24 revision 45167)?
I am still getting the same error that is mentioned in this issue.
Updated by fotos (Fotos Georgiadis) almost 10 years ago
Islam Azab wrote:
> Is this fixed in Ruby 2.0.0 ruby 2.0.0p451 (2014-02-24 revision 45167)?
As you can see it was never backported to either 1.9.3 or 2.0.0. The fix is part of Ruby 2.1.
> I am still getting the same error that is mentioned in this issue.
There is a workaround (which I briefly describe above) but I don't really remember how it works. Should have documented this better. :)
Good luck.