Weird params from Safari/525.20 on 10.5.3, {"user"=>"foo=x&bar=y"}, {"ids" => {"0"=>"123", "1"=>"45


#1

I’ve seen a bunch of logged exceptions the last few months, where
Rails expects array params like
{ "ids" => ["123", "456"] }
but gets
{ "ids" => { "0" => "123", "1" => "456" } }
or expects hash params like
{ "user" => { "foo" => "x", "bar" => "y" } }
but gets
{ "user" => "foo=x&bar=y" }

So what was supposed to be an array (from checkboxes named “ids[]”)
becomes a hash from ordinals to values instead. And what was supposed
to be a nested hash becomes a flat hash, with parts unparsed.

The RAW_POST_DATA, according to Exception Logger, is bad, not just the
parsed data:
authenticity_token=somevalue&user=foo%3Dx%26bar%3Dy

These seem to have in common the user agent
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_3; en-us) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.20

I’ve been unable to reproduce with the Safari version I have, which is
different by the OS X version and .1 on Safari:
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_5; en-us) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.2 Safari/525.20.1

I haven’t been able to find a changelog for Safari that says what
changed between these versions.

I’m not 100% sure whether this is in fact a bug in a specific version
of Safari (or in OS X 10.5.3), or if this is due to some kind of
automation attempts, or what. Some of the requests were a little
suspicious (numericals at end of username etc), but they could well
have been valid, and many requests do not look suspicious, other than
the weird params.

It’s not just on user signup but also for user profile updating,
message sending and message deletion. I can’t recall that I’ve seen
the issue outside these four actions. Signup and message sending are
obvious targets for automation/spam; profile updating and message
deletion less so.

It’s not entirely impossible that this is influenced by something in
our setup. We’ve moved servers and changed some infrastructure around
in the same timeframe we started seeing this, but there wasn’t a huge
spike of these issues at some point where we could connect it to a
change we did. And again, I can’t reproduce with my own Safari and
haven’t seen it from another user agent.

I’m writing in part just to get this googleable if someone else has
the same issue, but also to ask if anyone else has seen it or knows
more.
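As an added illustration (not code from this thread or from Rails itself), the following parses a raw form body into the three shapes discussed above, flags the two malformed ones so they can be logged together with the user agent, and repairs them. The parameter names ids and user are taken from the post; which keys are expected to be arrays or hashes is an assumption passed in by the caller.

```ruby
require 'uri'

# Parses a raw application/x-www-form-urlencoded body the way Rails treats
# the shapes in the thread: "k[]" appends to an array, "k[0]" (or "k[foo]")
# builds a hash keyed by the bracketed part, and a bare "k" keeps the string.
def parse_form(body)
  URI.decode_www_form(body).each_with_object({}) do |(key, value), params|
    if key.end_with?('[]')
      (params[key[0..-3]] ||= []) << value
    elsif (m = key.match(/\A(\w+)\[(\w+)\]\z/))
      (params[m[1]] ||= {})[m[2]] = value
    else
      params[key] = value
    end
  end
end

# True for {"0" => ..., "1" => ...}: a hash keyed only by ordinals, which is
# what the "ids[]" checkbox list turned into in the bad requests.
def ordinal_hash?(value)
  value.is_a?(Hash) && !value.empty? && value.keys.all? { |k| k.match?(/\A\d+\z/) }
end

# True for "foo=x&bar=y": a nested hash that arrived as one unparsed string
# because "=" and "&" were percent-encoded inside the value (%3D, %26).
def unparsed_pairs?(value)
  value.is_a?(String) && value.match?(/\A[^=&]+=[^=&]*(&[^=&]+=[^=&]*)*\z/)
end

# Reports which expected-array / expected-hash params arrived malformed, so
# the request can be logged with its user agent or rejected before use.
def param_anomalies(params, array_keys: [], hash_keys: [])
  array_keys.select { |k| ordinal_hash?(params[k]) }.map { |k| "#{k}: ordinal hash instead of array" } +
    hash_keys.select { |k| unparsed_pairs?(params[k]) }.map { |k| "#{k}: unparsed string instead of hash" }
end

# Repairs the two shapes into what the controller expects: ordinal hashes
# become arrays in index order, unparsed strings are parsed into a hash.
def normalize_params(params, array_keys: [], hash_keys: [])
  fixed = params.dup
  array_keys.each do |k|
    v = fixed[k]
    fixed[k] = v.keys.sort_by(&:to_i).map { |i| v[i] } if ordinal_hash?(v)
  end
  hash_keys.each do |k|
    v = fixed[k]
    fixed[k] = URI.decode_www_form(v).to_h if unparsed_pairs?(v)
  end
  fixed
end
```

Whether to normalize or to reject such requests is a policy choice; counting anomalies per user agent over time is what would separate a client bug from automation.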


#2

On Mon, Nov 17, 2008 at 4:41 PM, Henrik N removed_email_address@domain.invalid wrote:

It’s not just on user signup but also for user profile updating,
message sending and message deletion.

And the message sending did not have spam content.


#3

On Nov 17, 4:41 pm, Henrik N removed_email_address@domain.invalid wrote:

So what was supposed to be an array (from checkboxes named “ids[]”)
becomes a hash from ordinals to values instead. And what was supposed
to be a nested hash becomes a flat hash, with parts unparsed.
[snip]

These seem to have in common the user agent
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_3; en-us) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.20

Now seen it (hash) from
Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14
as well.