On Tuesday, January 6, 2015 4:43:03 PM UTC, Joshua Siler wrote:
>
> We do get a fair amount of requests to random HTTP verbs and file types, 
> but the system usually handles that just fine (throwing an unknown request 
> exception would be desired behavior.)  What concerns me about this is that 
> I'm seeing unexpected behavior, based on the addition of a period in the 
> URL. Something is getting parsed in an unusual way somewhere in the stack...
>
>  
So what does happen - you said crash in your original post - does that mean 
a segmentation fault, exception, something else?

Fred

 

> On Tuesday, January 6, 2015 4:15:00 AM UTC-7, cntrytwist wrote:
>>
>> Josh,
>> Do you see any quit request types along with this? I see quit requests 
>> and it makes the web application complain that it doesn't know what kind of 
>> request that is.
>> Kent
>>
>> On Monday, January 5, 2015 6:28:56 PM UTC-7, Joshua Siler wrote:
>>>
>>> Hi,
>>>
>>> We're getting some weird exceptions that look like hack attempts, and 
>>> I'm hoping someone can help us understand them. It looks like an 
>>> intentionally malformed URL is somehow causing unexpected behavior.
>>>
>>> Here's what we're seeing. These URLs:
>>>
>>> https://gadgetco.hiringthing.com/admin/jobs/h.delayType)c(h,b
>>> ),h.before=b,e=
>>> https://gadgetco.hiringthing.com/admin/jobs/h.delayType)c(h,b),h.
>>> https://gadgetco.hiringthing.com/admin/jobs/k(b.onLoad)&&n(a,'load
>>> ',h.onLoad),null==h||'none'
>>>
>>> Will crash our system, and the trace doesn't include any files from our 
>>> application (just framework code), trying to load a "Jobs" object that 
>>> doesn't exist. 
>>>
>>> https://gadgetco.hiringthing.com/admin/jobs/somerandomstring
>>> https://gadgetco.hiringthing.com/admin/jobs/h.delayType)c(h,b),h 
>>>
>>> will work correctly, hitting our controller and successfully redirecting 
>>> the user somewhere, and 
>>>
>>> https://gadgetco.hiringthing.com/admin/jobs/1 
>>>
>>> will also work correctly, using Job.find(params[:id]) to load a job 
>>> (note object is Job not Jobs).
>>>
>>> Something different is going on between: 
>>>
>>> https://gadgetco.hiringthing.com/admin/jobs/h.delayType)c(h,b),h. 
>>>  (fails)
>>> https://gadgetco.hiringthing.com/admin/jobs/h.delayType)c(h,b),h   
>>> (works correctly)
>>>
>>> and I don't know what. None of the related routes have any fancy regex 
>>> or anything unusual. Any insight would be appreciated.
>>>
>>> Thanks for your help.
>>> Josh
>>>
>>>
>>>
