Henrik N
2008-Nov-17 15:41 UTC
Weird params from Safari/525.20 on 10.5.3, {"user"=>"foo=x&bar=y"}, {"ids" => {"0"=>"123", "1"=>"456"}
I've seen a bunch of logged exceptions the last few months, where Rails expects array params like

  { "ids" => ["123", "456"] }

but gets

  { "ids" => { "0" => "123", "1" => "456" } }

or expects hash params like

  { "user" => { "foo" => "x", "bar" => "y" } }

but gets

  { "user" => "foo=x&bar=y" }

So what was supposed to be an array (from checkboxes named "ids[]") becomes a hash from ordinals to values instead. And what was supposed to be a nested hash becomes a flat hash, with parts unparsed.

The RAW_POST_DATA, according to Exception Logger, is bad, not just the parsed data:

  authenticity_token=somevalue&user=foo%3Dx%26bar%3Dy

These seem to have in common the user agent

  Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_3; en-us) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.20

I've been unable to reproduce with the Safari version I have, which is different by the OS X version and .1 on Safari:

  Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_5; en-us) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.2 Safari/525.20.1

I haven't been able to find a changelog for Safari that says what changed between these versions.

I'm not 100% sure whether this is in fact a bug in a specific version of Safari (or in OS X 10.5.3), or if this is due to some kind of automation attempts, or what. Some of the requests were a little suspicious (numericals at end of username etc), but they could well have been valid, and many requests do not look suspicious, other than the weird params.

It's not just on user signup but also for user profile updating, message sending and message deletion. I can't recall that I've seen the issue outside these four actions. Signup and message sending are obvious targets for automation/spam; profile updating and message deletion less so.

It's not entirely impossible that this is influenced by something in our setup. We've moved servers and changed some infrastructure around in the same timeframe we started seeing this, but there wasn't a huge spike of these issues at some point where we could connect it to a change we did. And again, I can't reproduce with my own Safari and haven't seen it from another user agent.

I'm writing in part just to get this googleable if someone else has the same issue, but also to ask if anyone else has seen it or knows more.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
Henrik Nyh
2008-Nov-17 15:48 UTC
Re: Weird params from Safari/525.20 on 10.5.3, {"user"=>"foo=x&bar=y"}, {"ids" => {"0"=>"123", "1"=>"456"}
On Mon, Nov 17, 2008 at 4:41 PM, Henrik N <henrik-//VPbvzLDw4@public.gmane.org> wrote:
> I've seen a bunch of logged exceptions the last few months, where
> Rails expects array params like
> { "ids" => ["123", "456"] }
> but gets
> { "ids" => { "0" => "123", "1" => "456" } }
> or expects hash params like
> { "user" => { "foo" => "x", "bar" => "y" } }
> but gets
> { "user" => "foo=x&bar=y" }
>
> It's not just on user signup but also for user profile updating,
> message sending and message deletion.

And the message sending did not have spam content.
Henrik N
2008-Nov-19 08:04 UTC
Re: Weird params from Safari/525.20 on 10.5.3, {"user"=>"foo=x&bar=y"}, {"ids" => {"0"=>"123", "1"=>"456"}
On Nov 17, 4:41 pm, Henrik N <hen...-//VPbvzLDw4@public.gmane.org> wrote:
> I've seen a bunch of logged exceptions the last few months, where
> Rails expects array params like
> { "ids" => ["123", "456"] }
> but gets
> { "ids" => { "0" => "123", "1" => "456" } }
> or expects hash params like
> { "user" => { "foo" => "x", "bar" => "y" } }
> but gets
> { "user" => "foo=x&bar=y" }
>
> So what was supposed to be an array (from checkboxes named "ids[]")
> becomes a hash from ordinals to values instead. And what was supposed
> to be a nested hash becomes a flat hash, with parts unparsed.
> [snip]
> These seem to have in common the user agent
> Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_3; en-us) AppleWebKit/
> 525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.20

Now seen it (hash) from

  Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14

as well.
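Added example, not part of the thread or of Rails: a shape check for the two malformed parameter forms reported above, so an action can reject and log them instead of raising. The names parse_body, shape_anomalies and EXPECTED are hypothetical, the parser is a standard-library stand-in for the framework's own, and the sample bodies are constructed from the values quoted in the first message.

```ruby
require "uri"

# Constructed samples: BAD_BODY follows the RAW_POST_DATA quoted in the
# thread plus the ordinal-key "ids" variant; GOOD_BODY is the intended form.
BAD_BODY  = "authenticity_token=somevalue&user=foo%3Dx%26bar%3Dy" \
            "&ids%5B0%5D=123&ids%5B1%5D=456"
GOOD_BODY = "user%5Bfoo%5D=x&user%5Bbar%5D=y&ids%5B%5D=123&ids%5B%5D=456"
EXPECTED  = { "ids" => :array, "user" => :hash } # hypothetical schema

# One-level "a[b]=c" parser (assumption: enough for this illustration).
def parse_body(raw)
  URI.decode_www_form(raw).each_with_object({}) do |(key, value), out|
    m = key.match(/\A([^\[\]]+)\[([^\[\]]*)\]\z/)
    if m.nil?
      out[key] = value
    else
      slot = out[m[1]]
      unless slot.is_a?(Array) || slot.is_a?(Hash)
        slot = out[m[1]] = (m[2].empty? ? [] : {})
      end
      if slot.is_a?(Array) then slot << value else slot[m[2]] = value end
    end
  end
end

# Returns [key, problem] pairs; an empty list means every shape matched.
def shape_anomalies(params, expected)
  expected.each_with_object([]) do |(key, shape), found|
    value = params[key]
    next if value.nil?
    if shape == :array && !value.is_a?(Array)
      ordinal = value.is_a?(Hash) && !value.empty? &&
                value.keys.all? { |k| k.match?(/\A\d+\z/) }
      found << [key, ordinal ? :ordinal_hash_instead_of_array : :not_an_array]
    elsif shape == :hash && !value.is_a?(Hash)
      flat = value.is_a?(String) && value.include?("=")
      found << [key, flat ? :unparsed_query_string_instead_of_hash : :not_a_hash]
    end
  end
end
```

A non-empty result is a reason to answer with a 400 and record the User-Agent alongside the raw body, which gives the per-client counts needed to tell a browser bug from automation.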