utf8-cleaner 0.0.6 → 0.0.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b6e265c0aefe9f9c6fa6082b86f21c81a92400b6
-  data.tar.gz: 12dd12dceef125122d2877dbc9e9e597055ddfac
+  metadata.gz: 34470c6433b9f2fc055514464d9c4794881ed579
+  data.tar.gz: 5135b3b7e6ea404b3dcc57d07ea9aee798a528d4
 SHA512:
-  metadata.gz: b794d47e0c9460ef5ec9eadc9340f705a491b0c48370efb82310d2bf21ff7713d655a4fdbb312c4788913879476be5a4c8823e8f494d8a2fe7376ecc4dd58a6c
-  data.tar.gz: 0bf1fb1a6d23600a3f5ff4ae7d1f62c7fded5a0d7d0233ebc85103b12c51a849a7ef83708a21568a28bd005e8ea1199ffff6b0d05b0c186a8889624e190f5e19
+  metadata.gz: 35b02095acfd32a1a5c1a380ed017e130c25dae095fc2f1bee135a1451f1394f6018eba74f7d4567b3158fbf8978d79ad968fd07a947fde054bf6d0e38766e68
+  data.tar.gz: 9fef626eb986add0193d716339e6df9e7faf22cc8767c7257b2514265ccd3f2294360df45f6c04afd4977f88ced34b4e51f9160231c12e041e0e586ec35bf64d

data/.travis.yml

@@ -1,4 +1,5 @@
 language: ruby
 rvm:
   - 1.9.3
-  - 2.0.0
+  - 2.0.0
+  - 2.1.1

data/README.md

@@ -1,6 +1,6 @@
 # UTF8Cleaner
 
-[<img src="https://secure.travis-ci.org/singlebrook/utf8-cleaner.png" />](http://travis-ci.org/singlebrook/utf8-cleaner)
+[![Build Status](https://secure.travis-ci.org/singlebrook/utf8-cleaner.png?branch=master)](http://travis-ci.org/singlebrook/utf8-cleaner)
 
 Removes invalid UTF-8 characters from the environment so that your app doesn't choke
 on them. This prevents errors like "invalid byte sequence in UTF-8".
@@ -21,7 +21,7 @@ Or install it yourself as:
 
 If you're not running Rails, you'll have to add the middleware to your config.ru:
 
-    require 'uf8-cleaner'
+    require 'utf8-cleaner'
     use UTF8Cleaner::Middleware
 
 ## Usage
@@ -40,4 +40,6 @@ There's nothing to "use". It just works!
 
 Original middleware author: @phoet - https://gist.github.com/phoet/1336754
 
-Ruby 1.9.3 compatibility: @pithyless - https://gist.github.com/pithyless/3639014
+* Ruby 1.9.3 compatibility: @pithyless - https://gist.github.com/pithyless/3639014
+* Code review and cleanup: @nextmat
+* POST body sanitization: @salrepe

data/lib/utf8-cleaner/middleware.rb

@@ -20,22 +20,37 @@ module UTF8Cleaner
 
     private
 
-    def is_valid_utf8(string)
-      utf8 = string.dup.force_encoding('UTF-8')
-      string == utf8 && utf8.valid_encoding?
-    rescue EncodingError
-      false
+    def sanitize_env(env)
+      sanitize_env_keys(env)
+      sanitize_env_rack_input(env)
+      env
     end
 
-    def sanitize_env(env)
+    def sanitize_env_keys(env)
       SANITIZE_ENV_KEYS.each do |key|
         next unless value = env[key]
+        cleaned_value = cleaned_uri_string(value)
+        env[key] = cleaned_value if cleaned_value
+      end
+    end
 
-        if value.include?('%')
-          env[key] = URIString.new(value).cleaned
-        end
+    def sanitize_env_rack_input(env)
+      case env['CONTENT_TYPE']
+      when 'application/x-www-form-urlencoded'
+        cleaned_value = cleaned_uri_string(env['rack.input'].read)
+        env['rack.input'] = StringIO.new(cleaned_value) if cleaned_value
+        env['rack.input'].rewind
+      when 'multipart/form-data'
+        # Don't process the data since it may contain binary content
+      else
+        # Unknown content type. Leave it alone
+      end
+    end
+
+    def cleaned_uri_string(value)
+      if value.include?('%')
+        URIString.new(value).cleaned
       end
-      env
     end
   end
 end

data/lib/utf8-cleaner/uri_string.rb

@@ -14,10 +14,6 @@ module UTF8Cleaner
       end
     end
 
-    def encoded?
-      data.include?('%')
-    end
-
     def valid?
       valid_uri_encoded_utf8(data)
     end

data/lib/utf8-cleaner/version.rb

@@ -1,3 +1,3 @@
 module UTF8Cleaner
-  VERSION = "0.0.6"
+  VERSION = "0.0.9"
 end

data/spec/middleware_spec.rb

@@ -1,4 +1,5 @@
 require 'spec_helper'
+require 'rack/lint'
 
 describe UTF8Cleaner::Middleware do
   let :env do
@@ -6,7 +7,9 @@ describe UTF8Cleaner::Middleware do
       'PATH_INFO' => 'foo/%FFbar%2e%2fbaz%26%3B',
       'QUERY_STRING' => 'foo=bar%FF',
       'HTTP_REFERER' => 'http://example.com/blog+Result:+%ED%E5+%ED%E0%F8%EB%EE%F1%FC+%F4%EE%F0%EC%FB+%E4%EB%FF+%EE%F2%EF%F0%E0%E2%EA%E8',
-      'REQUEST_URI' => '%C3%89%E2%9C%93'
+      'REQUEST_URI' => '%C3%89%E2%9C%93',
+      'rack.input' => StringIO.new("foo=%FFbar%F8"),
+      'CONTENT_TYPE' => 'application/x-www-form-urlencoded'
     }
   end
 
@@ -17,10 +20,32 @@ describe UTF8Cleaner::Middleware do
   describe "removes invalid UTF-8 sequences" do
     it { new_env['QUERY_STRING'].should == 'foo=bar' }
     it { new_env['HTTP_REFERER'].should == 'http://example.com/blog+Result:+++++' }
+    it { new_env['rack.input'].read.should == 'foo=bar' }
   end
 
   describe "leaves all valid characters untouched" do
     it { new_env['PATH_INFO'].should == 'foo/bar%2e%2fbaz%26%3B' }
     it { new_env['REQUEST_URI'].should == '%C3%89%E2%9C%93' }
   end
-end
+
+  describe "when rack.input is wrapped" do
+    # rack.input responds only to methods gets, each, rewind, read and close
+    # Rack::Lint::InputWrapper is the class which servers wrappers are based on
+    it "removes invalid UTF-8 sequences" do
+      wrapped_rack_input = Rack::Lint::InputWrapper.new(StringIO.new("foo=%FFbar%F8"))
+      env.merge!('rack.input' => wrapped_rack_input)
+      new_env = UTF8Cleaner::Middleware.new(nil).send(:sanitize_env, env)
+      new_env['rack.input'].read.should == 'foo=bar'
+    end
+  end
+
+  describe "when binary data is POSTed" do
+    before do
+      env['CONTENT_TYPE'] = 'multipart/form-data'
+    end
+    it "leaves the body alone" do
+      env['rack.input'].rewind
+      new_env['rack.input'].read.should == "foo=%FFbar%F8"
+    end
+  end
+end

data/spec/uri_string_spec.rb

@@ -22,15 +22,6 @@ module UTF8Cleaner
       it { complex_invalid_string.cleaned.should eq('foo/bar%2e%2fbaz%26%3B%E2%9C%93baz') }
     end
 
-    describe '#encoded?' do
-      it { encoded_string.should be_encoded }
-      it { invalid_string.should be_encoded }
-      it { multibyte_string.should be_encoded }
-      it { complex_invalid_string.should be_encoded }
-
-      it { ascii_string.should_not be_encoded }
-    end
-
     describe '#valid?' do
       it { ascii_string.should be_valid }
       it { encoded_string.should be_valid }

data/utf8-cleaner.gemspec

@@ -21,4 +21,5 @@ Gem::Specification.new do |gem|
   gem.add_development_dependency "guard"
   gem.add_development_dependency "guard-rspec"
   gem.add_development_dependency "rspec"
+  gem.add_development_dependency "rack"
 end

metadata

@@ -1,69 +1,83 @@
 --- !ruby/object:Gem::Specification
 name: utf8-cleaner
 version: !ruby/object:Gem::Version
-  version: 0.0.6
+  version: 0.0.9
 platform: ruby
 authors:
 - Leon Miller-Out
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-10-16 00:00:00.000000000 Z
+date: 2014-04-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: guard
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: guard-rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: Removes invalid UTF8 characters from the URL and other env vars
@@ -73,8 +87,8 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
-- .travis.yml
+- ".gitignore"
+- ".travis.yml"
 - Gemfile
 - Guardfile
 - LICENSE.txt
@@ -98,17 +112,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.3
+rubygems_version: 2.2.2
 signing_key: 
 specification_version: 4
 summary: Prevent annoying error reports of "invalid byte sequence in UTF-8"