| author | Louise Crow <louise.crow@gmail.com> | 2015-06-08 17:29:19 +0100 |
|---|---|---|
| committer | Louise Crow <louise.crow@gmail.com> | 2015-06-11 13:38:20 +0100 |
| commit | 090531bf2d2b763e5bb281658e91b58905912130 (patch) | |
| tree | fcfbbc15daa97efdefaa411635ce178b29a52f2c /config | |
| parent | 3efe2f333a9b143e88556c0aeedb534090eb41d3 (diff) | |
Use rack-utf8_sanitizer to handle badly-formed UTF-8 in request URI and headers.
Diffstat (limited to 'config')
| -rw-r--r-- | config/application.rb | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/config/application.rb b/config/application.rb index eccf0937c..ed7488454 100644 --- a/config/application.rb +++ b/config/application.rb @@ -84,6 +84,11 @@ module Alaveteli require "#{Rails.root}/lib/whatdotheyknow/strip_empty_sessions" config.middleware.insert_before ::ActionDispatch::Cookies, WhatDoTheyKnow::StripEmptySessions, :key => '_wdtk_cookie_session', :path => "/", :httponly => true + # Strip non-UTF-8 request parameters + if RUBY_VERSION.to_f >= 1.9 + config.middleware.insert 0, Rack::UTF8Sanitizer + end + # Allow the generation of full URLs in emails config.action_mailer.default_url_options = { :host => AlaveteliConfiguration::domain } if AlaveteliConfiguration::force_ssl |
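Review bot: The guard `RUBY_VERSION.to_f >= 1.9` compares a version string as a float, which only holds while the minor version is a single digit; `if Gem::Version.new(RUBY_VERSION) >= Gem::Version.new('1.9')` states the intent without that trap. The comment above it says "request parameters", while the commit message names the request URI and headers, and the middleware's default behaviour appears to be replacing invalid byte sequences rather than removing them, so `# Sanitize malformed UTF-8 in the request URI and headers before any other middleware runs` would describe the line more accurately. It would also help to note in that comment that the sanitizer is skipped on Ruby 1.8 and that any request body content it does not cover can still reach controllers with invalid bytes, so downstream parameter handling should not assume valid encoding. The enclosing `module Alaveteli` block starts and ends outside the hunk.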
