I've seen a bunch of logged exceptions the last few months, where Rails expects array params like { "ids" => ["123", "456"] } but gets { "ids" => { "0" => "123", "1" => "456" } }, or expects hash params like { "user" => { "foo" => "x", "bar" => "y" } } but gets { "user" => "foo=x&bar=y" }.
So what was supposed to be an array (from checkboxes named "ids") becomes a hash from ordinals to values instead. And what was supposed to be a nested hash becomes a flat hash, with parts unparsed.
The RAW_POST_DATA, according to Exception Logger, is bad, not just the parsed data: authenticity_token=somevalue&user=foo%3Dx%26bar%3Dy
These seem to have in common the user agent Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_3; en-us) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.20
I've been unable to reproduce with the Safari version I have, which is different by the OS X version and .1 on Safari: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_5; en-us) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.2 Safari/525.20.1
I haven't been able to find a changelog for Safari that says what changed between these versions.
I'm not 100% sure whether this is in fact a bug in a specific version of Safari (or in OS X 10.5.3), or if this is due to some kind of automation attempts, or what. Some of the requests were a little suspicious (numerals at the end of the username, etc.), but they could well have been valid, and many requests do not look suspicious, other than the weird params.
It's not just on user signup but also for user profile updating, message sending and message deletion. I can't recall that I've seen the issue outside these four actions. Signup and message sending are obvious targets for automation/spam; profile updating and message deletion less so.
It's not entirely impossible that this is influenced by something in our setup. We've moved servers and changed some infrastructure around in the same timeframe we started seeing this, but there wasn't a huge spike of these issues at some point where we could connect it to a change we did. And again, I can't reproduce with my own Safari and haven't seen it from another user agent.
I'm writing in part just to get this googleable if someone else has the same issue, but also to ask if anyone else has seen it or knows more.
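Added example (not part of the original post): a Ruby check that flags the two wire shapes described above from the raw urlencoded body, so such requests can be logged or rejected instead of raising later. The helper names, the `EXPECTED` map and the `ids[0]` sample body are assumptions constructed for illustration; only the `user=foo%3Dx%26bar%3Dy` body comes from the post.

```ruby
require "uri"

# Hypothetical helper (not Rails API): inspect a raw urlencoded POST body and
# report fields whose wire shape will not parse into the expected param type.
# expected maps a top-level field name to :array or :hash.
def param_shape_anomalies(raw_body, expected)
  anomalies = []
  URI.decode_www_form(raw_body).each do |key, value|
    name, suffix = key.match(/\A([^\[\]]+)(.*)\z/)&.captures
    next unless name && expected.key?(name)

    case expected[name]
    when :array
      # "ids[]" parses to an array; "ids[0]" parses to a hash keyed by "0".
      if suffix =~ /\A\[\d+\]\z/
        anomalies << [name, :ordinal_keys_instead_of_array]
      elsif suffix != "[]"
        anomalies << [name, :not_array_syntax]
      end
    when :hash
      # "user[foo]=x" parses to a nested hash; a bare "user=..." is a string.
      if suffix.empty?
        kind = flattened_form?(value) ? :nested_form_sent_as_string : :scalar_instead_of_hash
        anomalies << [name, kind]
      end
    end
  end
  anomalies.uniq
end

# True when a value is itself a urlencoded form such as "foo=x&bar=y".
def flattened_form?(value)
  pairs = value.split("&")
  !pairs.empty? && pairs.all? { |p| p =~ /\A[^=&]+=[^=&]*\z/ }
end

EXPECTED = { "ids" => :array, "user" => :hash }.freeze

# Sample bodies: flat_user is the RAW_POST_DATA quoted in the post;
# good and ordinals are constructed to match the parsed shapes it describes.
SAMPLES = {
  good:      "ids%5B%5D=123&ids%5B%5D=456&user%5Bfoo%5D=x&user%5Bbar%5D=y",
  flat_user: "authenticity_token=somevalue&user=foo%3Dx%26bar%3Dy",
  ordinals:  "ids%5B0%5D=123&ids%5B1%5D=456"
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each { |label, body| puts "#{label}: #{param_shape_anomalies(body, EXPECTED).inspect}" }
end
```

Logging the anomaly kind next to the user agent and action makes it possible to see whether the malformed bodies cluster on one client or one endpoint.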