Skip to content
Browse files

Fixed that a bunch of methods from ActionController::Base was accessi…

…ble as actions (callable through a URL) when they shouldn't have been #644 [Nicholas Seckar].  Base#hide_actions(*names) to hide public methods from a controller that would otherwise have been callable through the URL. For the majority of cases, its preferred just to make the methods you don't want to expose protected or private (so they'll automatically be hidden) -- but if you must have a public method, this is a way to make it uncallable. Base#hidden_actions retrieve the list of all hidden actions for the controller #644 [Nicholas Seckar]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@646 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  • Loading branch information...
1 parent 761b18a commit 04b8bc1bdd13de1a5a47239bea12229ca98dd0cc @dhh dhh committed Feb 17, 2005
Showing with 21 additions and 3 deletions.
  1. +6 −0 actionpack/CHANGELOG
  2. +15 −3 actionpack/lib/action_controller/base.rb
View
6 actionpack/CHANGELOG
@@ -1,5 +1,11 @@
*SVN*
+* Added Base#hide_actions(*names) to hide public methods from a controller that would otherwise have been callable through the URL. For the majority of cases, its preferred just to make the methods you don't want to expose protected or private (so they'll automatically be hidden) -- but if you must have a public method, this is a way to make it uncallable. Base#hidden_actions retrieve the list of all hidden actions for the controller #644 [Nicholas Seckar]
+
+* Fixed that a bunch of methods from ActionController::Base was accessible as actions (callable through a URL) when they shouldn't have been #644 [Nicholas Seckar]
+
+* Added UrlHelper#current_page?(options) method to check if the url_for options passed corresponds to the current page
+
* Fixed https handling on other ports than 443 [Alan Gano]
* Added follow_redirect method for functional tests that'll get-request the redirect that was made. Example:
View
18 actionpack/lib/action_controller/base.rb
@@ -285,6 +285,19 @@ def controller_path
components.shift if components.first == 'controllers' # Transitional conditional to accomodate root Controllers module
components.join('/')
end
+
+ # Return an array containing the names of public methods that have been marked hidden from the action processor.
+ # By default, all methods defined in ActionController::Base and included modules are hidden.
+ # More methods can be hidden using +hide_actions+.
+ def hidden_actions
+ write_inheritable_attribute(:hidden_actions, ActionController::Base.public_instance_methods) unless read_inheritable_attribute(:hidden_actions)
+ read_inheritable_attribute(:hidden_actions)
+ end
+
+ # Hide each of the given methods from being callable as actions.
+ def hide_actions(*names)
+ write_inheritable_attribute(:hidden_actions, hidden_actions | names.collect {|n| n.to_s})
+ end
end
public
@@ -638,10 +651,9 @@ def performed?
end
def action_methods
- action_controller_classes = self.class.ancestors.reject{ |a| [Object, Kernel].include?(a) }
- action_controller_classes.inject([]) { |action_methods, klass| action_methods + klass.public_instance_methods(false) }
+ @action_methods ||= (self.class.public_instance_methods - self.class.hidden_actions)
end
-
+
def add_variables_to_assigns
add_instance_variables_to_assigns
add_class_variables_to_assigns if view_controller_internals

0 comments on commit 04b8bc1

Please sign in to comment.
Something went wrong with that request. Please try again.