
Merge pull request #71 from presidentbeef/handle_layout_in_views

Treat render :layout in views like partials
commit 3498a29d79fd6e504f2b2fe6b98511153d2addf5 2 parents 26c6ecb + 8b3714e
@presidentbeef presidentbeef authored
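--- a/lib/brakeman/processors/base_processor.rb
+++ b/lib/brakeman/processors/base_processor.rb
@@ -202,9 +202,14 @@ def process_ignore exp
 exp
 end
+ #Convenience method for `make_render exp, true`
+ def make_render_in_view exp
+ make_render exp, true
+ end
+
 #Generates :render node from call to render.
- def make_render exp
- render_type, value, rest = find_render_type exp[3]
+ def make_render exp, in_view = false
+ render_type, value, rest = find_render_type exp[3], in_view
 rest = process rest
 result = Sexp.new(:render, render_type, value, rest)
 result.line(exp.line)
@@ -214,9 +219,11 @@ def make_render exp
 #Determines the type of a call to render.
 #
 #Possible types are:
- #:action, :default :file, :inline, :js, :json, :nothing, :partial,
+ #:action, :default, :file, :inline, :js, :json, :nothing, :partial,
 #:template, :text, :update, :xml
- def find_render_type args
+ #
+ #And also :layout for inside templates
+ def find_render_type args, in_view = false
 rest = Sexp.new(:hash)
 type = nil
 value = nil
@@ -244,10 +251,18 @@ def find_render_type args
 value = args[1]
 end
+ types_in_hash = Set[:action, :file, :inline, :js, :json, :nothing, :partial, :text, :update, :xml]
+
+ #render :layout => "blah" means something else when in a template
+ if in_view
+ types_in_hash << :layout
+ end
+
+ #Look for "type" of render in options hash
+ #For example, render :file => "blah"
 if hash? args[-1]
 hash_iterate(args[-1]) do |key, val|
- case key[1]
- when :action, :file, :inline, :js, :json, :nothing, :partial, :text, :update, :xml
+ if types_in_hash.include? key[1]
 type = key[1]
 value = val
 else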
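Review bot: In `find_render_type`, once `:layout` joins `types_in_hash` for views, a call such as `render :partial => "a", :layout => "b"` matches twice inside the `hash_iterate` loop and the later key overwrites `type` and `value`, so one of the two templates would no longer be followed, which for a scanner means lost coverage. The visible branch keeps nothing of the earlier match; the `else` branch continues outside the hunk, so this should be confirmed against the full method. One option is to let an explicit type win, e.g. `if types_in_hash.include? key[1] and (key[1] != :layout or type.nil?)`, and to add a fixture for the combined form. Separately, `Set` is used with no `require 'set'` visible in this hunk, and the set is rebuilt and mutated on every call where a frozen constant would do.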
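--- a/lib/brakeman/processors/erb_template_processor.rb
+++ b/lib/brakeman/processors/erb_template_processor.rb
@@ -44,7 +44,7 @@ def process_call exp
 end
 elsif target == nil and method == :render
 exp[3] = process(exp[3])
- make_render exp
+ make_render_in_view exp
 else
 args = exp[3] = process(exp[3])
 call = Sexp.new :call, target, method, args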
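--- a/lib/brakeman/processors/erubis_template_processor.rb
+++ b/lib/brakeman/processors/erubis_template_processor.rb
@@ -41,7 +41,7 @@ def process_call exp
 end
 elsif target == nil and method == :render
 exp[3] = process exp[3]
- make_render exp
+ make_render_in_view exp
 else
 args = exp[3] = process(exp[3])
 call = Sexp.new :call, target, method, args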
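--- a/lib/brakeman/processors/haml_template_processor.rb
+++ b/lib/brakeman/processors/haml_template_processor.rb
@@ -92,7 +92,7 @@ def process_call exp
 elsif target == nil and method == :render
 #Process call to render()
 exp[3] = process exp[3]
- make_render exp
+ make_render_in_view exp
 else
 args = process exp[3]
 call = Sexp.new :call, target, method, args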
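--- a/lib/brakeman/processors/lib/render_helper.rb
+++ b/lib/brakeman/processors/lib/render_helper.rb
@@ -11,8 +11,13 @@ def process_render exp
 when :action
 process_action exp[2][1], exp[3]
 when :default
- process_template template_name, exp[3]
- when :partial
+ begin
+ process_template template_name, exp[3]
+ rescue ArgumentError => e
+ Brakeman.debug "Problem processing render: #{exp}"
+ raise e
+ end
+ when :partial, :layout
 process_partial exp[2], exp[3]
 when :nothing
 end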
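Review bot: The `rescue ArgumentError` wrapper added under `when :default` only logs and re-raises, and the log line omits the exception's own message, so the debug output says which render failed but not why. I would write `Brakeman.debug "Problem processing render: #{exp}: #{e.message}"` followed by a bare `raise`, which re-raises the current exception without needing `e`. The new `when :partial, :layout` branch gets no equivalent logging, so a failure on the path this commit introduces would be harder to trace than one on the default path. `process_render` starts before and continues past this hunk, so how callers handle the re-raised error is not visible here.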
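--- a/test/apps/rails3.1/app/views/users/_test_layout.html.erb
+++ b/test/apps/rails3.1/app/views/users/_test_layout.html.erb
@@ -0,0 +1 @@
+<%= raw @something %>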
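--- a/test/apps/rails3.1/app/views/users/index.html.erb
+++ b/test/apps/rails3.1/app/views/users/index.html.erb
@@ -29,3 +29,6 @@
 <br />
 <%= link_to 'New User', new_user_path %>
+
+<%= @something = params["something_bad"] %>
+<%= render :layout => "test_layout" %>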
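Review bot: No test expectation accompanies these fixture lines on this page, so nothing visible pins the behaviour the commit is meant to add. An assertion that the unescaped `raw @something` output is reported against `_test_layout.html.erb`, with `params["something_bad"]` as the source, would show that `render :layout` is actually followed from the view. A short comment such as `<%# fixture: tainted ivar reaches raw() via render :layout %>` above the two lines would also tell later readers the assignment inside an output tag is deliberate.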