PUTs should not be parsed as forms
Reported by Ben Bleything | November 28th, 2008 @ 12:28 AM | in 0.3.0 Sammy
It seems that the body of a PUT request is being parsed as though it were a form, which is rarely correct.
The sinatra book says:
To access POSTed parameters, use params[:xxx] where xxx is the name of the form element that was posted.
It doesn't say anything about PUT requests, but I'm seeing this
in my app, where I have a device PUTing an xml file. The result is
that the params hash has "<?xml version" as a key. I tried
reading the request.body, but it was at eof.
A functional workaround for this is to rewind
request.body, but that's a bogus solution to the
problem. PUT requests are intended to create or replace the
resource at the given URI, so it doesn't make any sense to parse
the request body.
I wasn't able to figure out where the body was being read/parsed in the code, so it's possible that this is Rack's problem and not Sinatra's. If that's the case, please let me know and I'll take this up with the Rack folks. Thanks :)
Comments and changes to this ticket
-
Ben Bleything November 28th, 2008 @ 12:51 AM
Here's a SUPER simple app that demonstrates what I consider to be "wrong". While building this, I discovered that the body parsing bit seems to happen only if there are captures in the route. The body is still at eof either way.
    require 'sinatra'

    put '/' do
      # The XML body was decoded as a form: its first "=" split it into a bogus key
      puts "*** non-form content parsed as form" if params.has_key? "<?xml version"
      # The body stream has already been consumed before the handler runs
      puts "*** request.body already at eof" if request.body.eof?
    end

You can exercise it by writing a file with these contents:

    <?xml version="1.0" standalone="yes"?>
    <foo />

... and uploading it with curl like so:

    $ curl -T yourfile.xml http://localhost:4567

-
Ben Bleything November 28th, 2008 @ 01:05 AM
Gah. There's actually a post (with patch) on the rack mailing list about this issue. Sorry for the ticket noise, I'll take it upstream.
-
Blake Mizerany November 30th, 2008 @ 04:25 PM
- → State changed from new to invalid
Marking as Invalid because this is handled by Rack before it gets to Sinatra.
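An added example, not part of the ticket and not Rack's or Sinatra's code: a simplified model of the behaviour reported above (any body decoded as a form, stream left at EOF) next to a variant that decodes only when the client declares a form media type and rewinds afterwards. The names `FORM_TYPES`, `naive_params` and `guarded_params` are hypothetical, and the XML body is constructed from the sample in the ticket.

```ruby
require 'stringio'
require 'uri'

# Media types that really are HTML form submissions (assumed allow-list).
FORM_TYPES = ['application/x-www-form-urlencoded'].freeze

# Constructed sample: the XML document from the ticket, sent as a PUT body.
XML_BODY = %(<?xml version="1.0" standalone="yes"?>\n<foo />\n)

# Models the reported behaviour: the body is consumed and decoded as a form
# whatever it contains, and the stream is left at EOF for the handler.
def naive_params(body_io)
  URI.decode_www_form(body_io.read).to_h
end

# Guarded variant: decode only when the declared media type is a form type,
# and rewind so the handler can still read the raw body itself.
def guarded_params(content_type, body_io)
  media_type = content_type.to_s.split(';').first.to_s.strip.downcase
  return {} unless FORM_TYPES.include?(media_type)

  params = URI.decode_www_form(body_io.read).to_h
  body_io.rewind
  params
end

if __FILE__ == $PROGRAM_NAME
  io = StringIO.new(XML_BODY)
  p naive_params(io)   # XML split at its first "=" into one bogus key/value
  p io.eof?            # the handler can no longer read the document

  io = StringIO.new(XML_BODY)
  p guarded_params('application/xml', io)  # no params invented from XML
  p io.read == XML_BODY                    # raw body still available

  form = StringIO.new('name=sammy&state=new')
  p guarded_params('application/x-www-form-urlencoded; charset=utf-8', form)
end
```

A request with no Content-Type at all also yields no params in the guarded variant, so untyped uploads reach the handler as raw bytes instead of attacker-shaped parameter keys.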
