Merge branch 'main' into 43114-add-ssl-support-for-postgresql-dbconsole

Author: guilleiguaran

actionpack/CHANGELOG.md

@@ -1,3 +1,11 @@
+*   Use a static error message when raising `ActionDispatch::Http::Parameters::ParseError`
+    to avoid inadvertently logging the HTTP request body at the `fatal` level when it contains
+    malformed JSON.
+
+    Fixes #41145
+
+    *Aaron Lahey*
+
 *   Add `Middleware#delete!` to delete middleware or raise if not found.
 
     `Middleware#delete!` works just like `Middleware#delete` but will

actionpack/lib/action_dispatch/http/parameters.rb

@@ -17,8 +17,8 @@ module Parameters
       # Raised when raw data from the request cannot be parsed by the parser
       # defined for request's content MIME type.
       class ParseError < StandardError
-        def initialize
-          super($!.message)
+        def initialize(message = $!.message)
+          super(message)
         end
       end
 
@@ -93,7 +93,7 @@ def parse_formatted_parameters(parsers)
             strategy.call(raw_post)
           rescue # JSON or Ruby code block errors.
             log_parse_error_once
-            raise ParseError
+            raise ParseError, "Error occurred while parsing request parameters"
           end
         end
 

actionpack/test/dispatch/request/json_params_parsing_test.rb

@@ -80,7 +80,7 @@ def teardown
         post "/parse", params: json, headers: { "CONTENT_TYPE" => "application/json", "action_dispatch.show_exceptions" => false }
       end
       assert_equal JSON::ParserError, exception.cause.class
-      assert_equal exception.cause.message, exception.message
+      assert_equal "Error occurred while parsing request parameters", exception.message
     ensure
       $stderr = STDERR
     end

activemodel/lib/active_model/serialization.rb

@@ -123,7 +123,7 @@ module Serialization
     #   user.serializable_hash(include: { notes: { only: 'title' }})
     #   # => {"name" => "Napoleon", "notes" => [{"title"=>"Battle of Austerlitz"}]}
     def serializable_hash(options = nil)
-      attribute_names = attributes.keys
+      attribute_names = self.attribute_names
 
       return serializable_attributes(attribute_names) if options.blank?
 
@@ -148,6 +148,11 @@ def serializable_hash(options = nil)
       hash
     end
 
+    # Returns an array of attribute names as strings
+    def attribute_names # :nodoc:
+      attributes.keys
+    end
+
     private
       # Hook method defining how an attribute value should be retrieved for
       # serialization. By default this is assumed to be an instance named after

activerecord/CHANGELOG.md

@@ -18,7 +18,7 @@
 
 *   Make schema cache methods return consistent results.
 
-    Previously the schema cache methods `primary_keys`, `columns, `columns_hash`, and `indexes`
+    Previously the schema cache methods `primary_keys`, `columns`, `columns_hash`, and `indexes`
     would behave differently than one another when a table didn't exist and differently across
     database adapters. This change unifies the behavior so each method behaves the same regardless
     of adapter.

activerecord/lib/active_record/connection_adapters/abstract_mysql_adapter.rb

@@ -196,14 +196,7 @@ def disable_referential_integrity # :nodoc:
 
       # Executes the SQL statement in the context of this connection.
       def execute(sql, name = nil, async: false)
-        materialize_transactions
-        mark_transaction_written_if_write(sql)
-
-        log(sql, name, async: async) do
-          ActiveSupport::Dependencies.interlock.permit_concurrent_loads do
-            @connection.query(sql)
-          end
-        end
+        raw_execute(sql, name, async)
       end
 
       # Mysql2Adapter doesn't have to free a result after using it, but we use this method
@@ -629,6 +622,17 @@ def type_map
           emulate_booleans ? TYPE_MAP_WITH_BOOLEAN : TYPE_MAP
         end
 
+        def raw_execute(sql, name, async: false)
+          materialize_transactions
+          mark_transaction_written_if_write(sql)
+
+          log(sql, name, async: async) do
+            ActiveSupport::Dependencies.interlock.permit_concurrent_loads do
+              @connection.query(sql)
+            end
+          end
+        end
+
         # See https://dev.mysql.com/doc/mysql-errors/en/server-error-reference.html
         ER_DB_CREATE_EXISTS     = 1007
         ER_FILSORT_ABORT        = 1028

activerecord/lib/active_record/connection_adapters/mysql/database_statements.rb

@@ -37,25 +37,11 @@ def explain(arel, binds = [])
           MySQL::ExplainPrettyPrinter.new.pp(result, elapsed)
         end
 
-        def execute(sql, name = nil, async: false)
-          # make sure we carry over any changes to ActiveRecord.default_timezone that have been
-          # made since we established the connection
-          @connection.query_options[:database_timezone] = ActiveRecord.default_timezone
-
-          super
-        end
-        alias_method :raw_execute, :execute
-        private :raw_execute
-
         # Executes the SQL statement in the context of this connection.
         def execute(sql, name = nil, async: false)
           sql = transform_query(sql)
           check_if_write_query(sql)
 
-          # make sure we carry over any changes to ActiveRecord.default_timezone that have been
-          # made since we established the connection
-          @connection.query_options[:database_timezone] = ActiveRecord.default_timezone
-
           raw_execute(sql, name, async: async)
         end
 
@@ -91,6 +77,14 @@ def exec_delete(sql, name = nil, binds = []) # :nodoc:
         alias :exec_update :exec_delete
 
         private
+          def raw_execute(sql, name, async: false)
+            # make sure we carry over any changes to ActiveRecord.default_timezone that have been
+            # made since we established the connection
+            @connection.query_options[:database_timezone] = ActiveRecord.default_timezone
+
+            super
+          end
+
           def execute_batch(statements, name = nil)
             statements = statements.map { |sql| transform_query(sql) }
             combine_multi_statements(statements).each do |statement|

activerecord/test/cases/associations/has_many_through_disable_joins_associations_test.rb

@@ -17,7 +17,7 @@
 require "models/department"
 
 class HasManyThroughDisableJoinsAssociationsTest < ActiveRecord::TestCase
-  fixtures :posts, :authors, :comments, :pirates
+  fixtures :posts, :authors, :comments, :pirates, :author_addresses
 
   def setup
     @author = authors(:mary)

activerecord/test/cases/relation/and_test.rb

@@ -5,7 +5,7 @@
 
 module ActiveRecord
   class AndTest < ActiveRecord::TestCase
-    fixtures :authors
+    fixtures :authors, :author_addresses
 
     def test_and
       david, mary, bob = authors(:david, :mary, :bob)

activerecord/test/cases/relation/where_chain_test.rb

@@ -10,7 +10,7 @@
 
 module ActiveRecord
   class WhereChainTest < ActiveRecord::TestCase
-    fixtures :posts, :comments, :authors, :humans, :essays
+    fixtures :posts, :comments, :authors, :humans, :essays, :author_addresses
 
     def test_associated_with_association
       Post.where.associated(:author).tap do |relation|