Project

General

Profile

Actions

Bug #8612

closed

nil in ERB::Util.url_encode

Added by fotos (Fotos Georgiadis) over 11 years ago. Updated over 9 years ago.

Status:
Rejected
Target version:
-
ruby -v:
1.9.3p448, 2.0.0p255
[ruby-core:55855]

Description

=begin
We hit a bug while using Rails and trying to URL encode an ActiveSupport::SafeBuffer. I have managed to reproduce it using a small test case for Ruby 1.9.3 and Ruby 2.0.0 (both attached) that shows a minimum set of requirements to trigger the bug. The issue seems to be fixed in trunk (2.1) but I couldn't find the relevant commit(s).

To reproduce:
require 'erb'

class MyString < String
def to_s
self
end

def gsub(*args, &block)
  to_str.gsub(*args, &block)
end

end

string = "\xCE\x94\xCE\xBF\xCE\xBA\xCE\xB9\xCE\xBC\xCE\xAE".force_encoding("UTF-8")

ERB::Util.u(MyString.new(string))

Expected outcome:

The URL encoding should work and it should encode the characters properly (according to the spec).

Actual outcome:

NoMethodError: undefined method unpack' for nil:NilClass /Users/fotos/Playground/OpenSource/ruby/lib/erb.rb:952:in block in url_encode'
/Users/fotos/Playground/OpenSource/ruby/test/erb/test_erb.rb:71:in gsub' /Users/fotos/Playground/OpenSource/ruby/test/erb/test_erb.rb:71:in gsub'
/Users/fotos/Playground/OpenSource/ruby/lib/erb.rb:951:in url_encode' /Users/fotos/Playground/OpenSource/ruby/test/erb/test_erb.rb:491:in test_url_encode_string_subclass'

Using

Workaround:

Yielding the match and using it instead of $& (last match) seems to work properly as demonstrated in the patch.

Thanks

PS. Some credits go out to Aggelos Orfanakos (@agorf) for triggering the bug! :-)
=end


Files

ruby_1_9_3_url_encode_issue.patch (1.49 KB) ruby_1_9_3_url_encode_issue.patch Ruby 1.9.3 patch for ERB::Util.url_encode fotos (Fotos Georgiadis), 07/09/2013 12:58 AM
ruby_2_0_0_url_encode_issue.patch (1.49 KB) ruby_2_0_0_url_encode_issue.patch Ruby 2.0.3 patch for ERB::Util.url_encode fotos (Fotos Georgiadis), 07/09/2013 12:58 AM
ruby_1_9_3_cgi_escape_issue.patch (1.03 KB) ruby_1_9_3_cgi_escape_issue.patch Ruby 1.9.3 patch for CGI::escape / unescape fotos (Fotos Georgiadis), 07/11/2013 11:08 PM
ruby_2_0_0_cgi_escape_issue.patch (1.09 KB) ruby_2_0_0_cgi_escape_issue.patch Ruby 2.0.0 patch for CGI::escape / unescape fotos (Fotos Georgiadis), 07/11/2013 11:08 PM

Related issues 1 (0 open1 closed)

Related to Ruby master - Feature #8648: unuse special global variable in erb/cgi methodsClosedxibbar (Takeyuki FUJIOKA)07/17/2013Actions

Updated by zzak (zzak _) over 11 years ago

  • Category set to lib
  • Status changed from Open to Assigned
  • Assignee set to seki (Masatoshi Seki)

Updated by fotos (Fotos Georgiadis) over 11 years ago

=begin
The same issue exists in (({CGI::escape})). Internally it calls (({$1.bytesize})) and (({$1})) is (({nil})).

For example calling:

CGI::escape(ActiveSupport::SafeBuffer.new('é'))

results in:

NoMethodError: undefined method bytesize' for nil:NilClass from ruby-1.9.3-p194/lib/ruby/1.9.1/cgi/util.rb:8:in block in escape'

I didn't test this with the latest stable versions of 1.9 or 2.0 but looking at the code it appears to be the same issue (global variables (({$1})), (({$2})), (({$`})), (({$&})), and (({$'})) appear to be (({nil}))). Yielding and using the match in gsub also solves the problem.

Thanks

=end

Updated by xibbar (Takeyuki FUJIOKA) over 11 years ago

  • Assignee changed from seki (Masatoshi Seki) to xibbar (Takeyuki FUJIOKA)

seki leave to xibbar.

Updated by xibbar (Takeyuki FUJIOKA) over 11 years ago

  • Status changed from Assigned to Rejected

This is not a bug.
Because implemented string class is not supported.
But I think this proposal is good.
I will merge to trunk.
Thank you.

Updated by fotos (Fotos Georgiadis) over 11 years ago

xibbar (Takeyuki FUJIOKA) wrote:

Thank you.

Thank you for merging this.

Actions #6

Updated by islamazab (Islam Azab) over 9 years ago

Is this fixed in Ruby 2.0.0 ruby 2.0.0p451 (2014-02-24 revision 45167)?

I am still getting the same error that is mentioned in this issue.

Actions #7

Updated by fotos (Fotos Georgiadis) over 9 years ago

Islam Azab wrote:

Is this fixed in Ruby 2.0.0 ruby 2.0.0p451 (2014-02-24 revision 45167)?

As you can see it was never backported to either 1.9.3 nor 2.0.0. The fix is part of Ruby 2.1.

I am still getting the same error that is mentioned in this issue.

There is a workaround (which I briefly describe above) but I don't really remember how it works. Should have documented this better. :)

Good luck.

Actions

Also available in: Atom PDF

Like0
Like0Like0Like0Like0Like0Like0Like0