Commit 0a9bc591e78382b221ef5c2f463bac90564b9982 to rails's rails

0a9bc59
all branches
all tags
- v2.1.0_RC1
- v2.1.0
- v2.0.3
- v2.0.2
- v2.0.1
- v2.0.0_RC2
- v2.0.0_RC1
- v2.0.0_PR
- v2.0.0
- v1.2.6
- v1.2.5
- v1.2.4
- v1.2.3
- v1.2.2
- v1.2.1
- v1.2.0_RC2
- v1.2.0_RC1
- v1.2.0
- v1.1.6
- v1.1.5
- v1.1.4
- v1.1.3
- v1.1.2
- v1.1.1
- v1.1.0_RC1
- v1.1.0
- v1.0.0
- v0.9.5
- v0.9.4.1
- v0.9.4
- v0.9.3
- v0.9.2
- v0.9.1
- v0.14.4
- v0.14.3
- v0.14.2
- v0.14.1
- v0.13.1
- v0.13.0
- v0.12.0
- v0.11.1
- v0.11.0
- v0.10.1
- v0.10.0
comments

rails / rails

Description:	Ruby on Rails
Homepage:	http://rubyonrails.org
Clone URL:	git://github.com/rails/rails.git Give this clone URL to anyone. `git clone git://github.com/rails/rails.git`
Search Repo:

Raise UnknownHttpMethod exception for unknown HTTP methods. Closes #10303 
[tarmo]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8235 
5ecf4fe2-1ee6-0310-87b1-e25e094e27de

technoweenie (author)

Wed Nov 28 18:08:51 -0800 2007

commit 0a9bc591e78382b221ef5c2f463bac90564b9982
tree fb4a264ddb46ba16fd04327f6ca27da1aa1a5569
parent ab73a988aca073e6ff16cd608df6e2e08808d31c

actionpack/CHANGELOG
actionpack/lib/action_controller/base.rb
actionpack/lib/action_controller/request.rb
actionpack/test/controller/request_test.rb

actionpack/CHANGELOG

0
@@ -1,5 +1,7 @@
0
 *2.0.0 [RC2]* (November 28th, 2007)
0
 
0
+* Raise UnknownHttpMethod exception for unknown HTTP methods. Closes #10303 [tarmo]
0
+
0
 * Update to Prototype -r8232.  [sam]
0
 
0
 * Make sure the optimisation code for routes doesn't get used if :host, :anchor or :port are provided in the hash arguments. [pager, Koz] #10292

actionpack/lib/action_controller/base.rb

0
@@ -85,6 +85,8 @@
0
     end
0
   end
0
 
0
+  class UnknownHttpMethod < ActionControllerError #:nodoc:
0
+  end
0
 
0
   # Action Controllers are the core of a web request in Rails. They are made up of one or more actions that are executed
0
   # on request and then either render a template or redirect to another action. An action is defined as a public method

actionpack/lib/action_controller/request.rb

0
@@ -3,6 +3,9 @@
0
 require 'strscan'
0
 
0
 module ActionController
0
+  # HTTP methods which are accepted by default. 
0
+  ACCEPTED_HTTP_METHODS = Set.new(%w( get head put post delete ))
0
+
0
   # CgiRequest and TestRequest provide concrete implementations.
0
   class AbstractRequest
0
     cattr_accessor :relative_url_root
0
0
@@ -12,18 +15,24 @@
0
     # such as { 'RAILS_ENV' => 'production' }.
0
     attr_reader :env
0
 
0
+    # The true HTTP request method as a lowercase symbol, such as :get.
0
+    # UnknownHttpMethod is raised for invalid methods not listed in ACCEPTED_HTTP_METHODS.
0
+    def request_method
0
+      @request_method ||= begin
0
+        method = ((@env['REQUEST_METHOD'] == 'POST' && !parameters[:_method].blank?) ? parameters[:_method].to_s : @env['REQUEST_METHOD']).downcase
0
+        if ACCEPTED_HTTP_METHODS.include?(method)
0
+          method.to_sym
0
+        else
0
+          raise UnknownHttpMethod, "#{method}, accepted HTTP methods are #{ACCEPTED_HTTP_METHODS.to_a.to_sentence}"
0
+        end
0
+      end
0
+    end
0
+
0
     # The HTTP request method as a lowercase symbol, such as :get.
0
     # Note, HEAD is returned as :get since the two are functionally
0
     # equivalent from the application's perspective.
0
     def method
0
-      @request_method ||=
0
-        if @env['REQUEST_METHOD'] == 'POST' && !parameters[:_method].blank?
0
-          parameters[:_method].to_s.downcase.to_sym
0
-        else
0
-          @env['REQUEST_METHOD'].downcase.to_sym
0
-        end
0
-
0
-      @request_method == :head ? :get : @request_method
0
+      request_method == :head ? :get : request_method
0
     end
0
 
0
     # Is this a GET (or HEAD) request?  Equivalent to request.method == :get
0
0
0
0
@@ -33,23 +42,23 @@
0
 
0
     # Is this a POST request?  Equivalent to request.method == :post
0
     def post?
0
-      method == :post
0
+      request_method == :post
0
     end
0
 
0
     # Is this a PUT request?  Equivalent to request.method == :put
0
     def put?
0
-      method == :put
0
+      request_method == :put
0
     end
0
 
0
     # Is this a DELETE request?  Equivalent to request.method == :delete
0
     def delete?
0
-      method == :delete
0
+      request_method == :delete
0
     end
0
 
0
     # Is this a HEAD request? request.method sees HEAD as :get, so check the
0
     # HTTP method directly.
0
     def head?
0
-      @env['REQUEST_METHOD'].downcase.to_sym == :head
0
+      request_method == :head
0
     end
0
 
0
     def headers

actionpack/test/controller/request_test.rb

0
@@ -306,11 +306,26 @@
0
     end
0
   end
0
 
0
+  def test_invalid_http_method_raises_exception
0
+    set_request_method_to :random_method
0
+    assert_raises(ActionController::UnknownHttpMethod) do
0
+      @request.method
0
+    end
0
+  end
0
+
0
   def test_allow_method_hacking_on_post
0
     set_request_method_to :post
0
-    [:get, :put, :delete].each do |method|
0
+    [:get, :head, :put, :post, :delete].each do |method|
0
       @request.instance_eval { @parameters = { :_method => method } ; @request_method = nil }
0
-      assert_equal method, @request.method
0
+      assert_equal(method == :head ? :get : method, @request.method)
0
+    end
0
+  end
0
+
0
+  def test_invalid_method_hacking_on_post_raises_exception
0
+    set_request_method_to :post
0
+    @request.instance_eval { @parameters = { :_method => :random_method } ; @request_method = nil }
0
+    assert_raises(ActionController::UnknownHttpMethod) do
0
+      @request.method
0
     end
0
   end
0

Comments

No one has commented yet.