I am using Rails 2.3.5. I have a resource for event.

  # config/routes.rb
  map.resources :events

  # controller action
  respond_to do |format|
    format.html
    format.js { render :text => @event.to_json, :layout => false }
  end

It is a public site and sometimes I get urls like

http://domain.com/events/14159-international-hardware-show-2010+91+"prashant"+2010+OR+email+OR+data+OR+base+-ALIBA.BACOM&hl=en&ct=clnk

I keep getting hoptoad exception email. How do I handle such cases?

It is failing because the URL has .BACOM. I guess Rails is looking for show.bacom.erb.

+1  A: 

If the dot (.) indeed is the problem, you would need to properly encode the URL. This could be done like this:

require 'uri'

# Single-quoted so the literal double quotes inside the value are kept
val = '"prashant"+2010+OR+email+OR+data+OR+base+-ALIBA.BACOM'
encodedVal = URI.escape(val)

or replace URI.escape with CGI.escape in order to replace spaces with a + (instead of %20). Now use encodedVal to build the proper encoded URL instead of your original val.

Veger
+1  A: 

I think that this chain of 'item1+item2+item3' is your real problem.

The HTML standard is very specific about how parameters are specified: they must be separated from the URL with an interrogation sign (?), and each parameter has the following syntax: name=encoded_value. The parameter separator is the ampersand (&).

So the standard way of specifying parameters would be:

http://domain.com/events/14159-international-hardware-show-2010?number=91&username=prashant&year=2010&source=ALIBA.BACOM&hl=en&ct=clnk

A URL like this will allow your controller to get the 91 in params[:number], "prashant" in params[:username], etc.

If for some reason you must conserve the nonstandard structure, you can. You will have to put all the non-standard parts inside a "big standard parameter".

http://domain.com/events/14159-international-hardware-show-2010?bigparameter=91+prashant+2010+OR+email+OR+data+OR+base+-ALIBA.BACOM&hl=en&ct=clnk

Now you will have the chain "91+prashant+2010+OR+email+OR+data+OR+base+-ALIBA.BACOM" in params[:bigparameter]. You will have to parse it yourself, though.

I strongly recommend following the first option. In general, it is a good idea to respect the standards (it means fewer issues and simplifies work).

In both cases, the "?" sign will make the server differentiate between base URL and parameters, so you will not have any issues with the URL format.

egarcia
My site generates URLs like this: http://domain.com/events/14159-international-hardware-show-2010 . Spammers are adding on to the site with the weird-looking URL. I was thinking what would be the best way to not get Hoptoad.
Nadal
Then, add a ? at the end of your generated URLs: http://domain.com/events/14159-international-hardware-show-2010? . This will allow you to discard anything that the spammers add easily.
egarcia
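
An added example, not part of any post above: a plain-Ruby sketch of why the junk URL from the question ends up with an unknown format while the "?" variants do not, and of answering unknown formats with a 404 instead of raising. It assumes the format is the text after the last dot of the final path segment (a simplification of Rails routing); `classify`, `path_format`, `ALLOWED_FORMATS` and the 404 choice are hypothetical, not Rails API.

```ruby
# The two formats the question's respond_to block handles.
ALLOWED_FORMATS = %w[html js].freeze

# Request targets taken from the URLs on this page (host removed).
SPAM_TARGET = '/events/14159-international-hardware-show-2010+91+"prashant"' \
              '+2010+OR+email+OR+data+OR+base+-ALIBA.BACOM&hl=en&ct=clnk'
QUERY_TARGET = '/events/14159-international-hardware-show-2010' \
               '?bigparameter=91+prashant+2010+OR+email+OR+data+OR+base' \
               '+-ALIBA.BACOM&hl=en&ct=clnk'

# Text after the last "." in the final path segment, or nil if there is none.
def path_format(path)
  segment = path.to_s.split('/').last.to_s
  dot = segment.rindex('.')
  dot ? segment[(dot + 1)..-1] : nil
end

# Split at the first "?" only: everything before it is path, the rest is query.
# Without a "?", "&hl=en" is not a parameter separator, it is part of the path.
def classify(target)
  path, query = target.split('?', 2)
  fmt = path_format(path)
  if fmt.nil?
    { status: 200, format: 'html', query: query }
  elsif ALLOWED_FORMATS.include?(fmt.downcase)
    { status: 200, format: fmt.downcase, query: query }
  else
    # Unknown format: answer "not found" rather than letting a missing
    # template turn into an exception report.
    { status: 404, format: fmt, query: query }
  end
end

if __FILE__ == $PROGRAM_NAME
  [SPAM_TARGET, QUERY_TARGET,
   '/events/14159-international-hardware-show-2010.js'].each do |t|
    puts classify(t).inspect
  end
end
```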