Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Raise UnknownHttpMethod exception for unknown HTTP methods. Closes #1…

…0303 [tarmo]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8235 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  • Loading branch information...
commit 0a9bc591e78382b221ef5c2f463bac90564b9982 1 parent ab73a98
@technoweenie technoweenie authored
View
2  actionpack/CHANGELOG
@@ -1,5 +1,7 @@
*2.0.0 [RC2]* (November 28th, 2007)
+* Raise UnknownHttpMethod exception for unknown HTTP methods. Closes #10303 [tarmo]
+
* Update to Prototype -r8232. [sam]
* Make sure the optimisation code for routes doesn't get used if :host, :anchor or :port are provided in the hash arguments. [pager, Koz] #10292
View
2  actionpack/lib/action_controller/base.rb
@@ -85,6 +85,8 @@ def initialize(message = nil)
end
end
+ class UnknownHttpMethod < ActionControllerError #:nodoc:
+ end
# Action Controllers are the core of a web request in Rails. They are made up of one or more actions that are executed
# on request and then either render a template or redirect to another action. An action is defined as a public method
View
33 actionpack/lib/action_controller/request.rb
@@ -3,6 +3,9 @@
require 'strscan'
module ActionController
+ # HTTP methods which are accepted by default.
+ ACCEPTED_HTTP_METHODS = Set.new(%w( get head put post delete ))
+
# CgiRequest and TestRequest provide concrete implementations.
class AbstractRequest
cattr_accessor :relative_url_root
@@ -12,18 +15,24 @@ class AbstractRequest
# such as { 'RAILS_ENV' => 'production' }.
attr_reader :env
+ # The true HTTP request method as a lowercase symbol, such as :get.
+ # UnknownHttpMethod is raised for invalid methods not listed in ACCEPTED_HTTP_METHODS.
+ def request_method
+ @request_method ||= begin
+ method = ((@env['REQUEST_METHOD'] == 'POST' && !parameters[:_method].blank?) ? parameters[:_method].to_s : @env['REQUEST_METHOD']).downcase
+ if ACCEPTED_HTTP_METHODS.include?(method)
+ method.to_sym
+ else
+ raise UnknownHttpMethod, "#{method}, accepted HTTP methods are #{ACCEPTED_HTTP_METHODS.to_a.to_sentence}"
+ end
+ end
+ end
+
# The HTTP request method as a lowercase symbol, such as :get.
# Note, HEAD is returned as :get since the two are functionally
# equivalent from the application's perspective.
def method
- @request_method ||=
- if @env['REQUEST_METHOD'] == 'POST' && !parameters[:_method].blank?
- parameters[:_method].to_s.downcase.to_sym
- else
- @env['REQUEST_METHOD'].downcase.to_sym
- end
-
- @request_method == :head ? :get : @request_method
+ request_method == :head ? :get : request_method
end
# Is this a GET (or HEAD) request? Equivalent to request.method == :get
@@ -33,23 +42,23 @@ def get?
# Is this a POST request? Equivalent to request.method == :post
def post?
- method == :post
+ request_method == :post
end
# Is this a PUT request? Equivalent to request.method == :put
def put?
- method == :put
+ request_method == :put
end
# Is this a DELETE request? Equivalent to request.method == :delete
def delete?
- method == :delete
+ request_method == :delete
end
# Is this a HEAD request? request.method sees HEAD as :get, so check the
# HTTP method directly.
def head?
- @env['REQUEST_METHOD'].downcase.to_sym == :head
+ request_method == :head
end
def headers
View
19 actionpack/test/controller/request_test.rb
@@ -306,11 +306,26 @@ def test_symbolized_request_methods
end
end
+ def test_invalid_http_method_raises_exception
+ set_request_method_to :random_method
+ assert_raises(ActionController::UnknownHttpMethod) do
+ @request.method
+ end
+ end
+
def test_allow_method_hacking_on_post
set_request_method_to :post
- [:get, :put, :delete].each do |method|
+ [:get, :head, :put, :post, :delete].each do |method|
@request.instance_eval { @parameters = { :_method => method } ; @request_method = nil }
- assert_equal method, @request.method
+ assert_equal(method == :head ? :get : method, @request.method)
+ end
+ end
+
+ def test_invalid_method_hacking_on_post_raises_exception
+ set_request_method_to :post
+ @request.instance_eval { @parameters = { :_method => :random_method } ; @request_method = nil }
+ assert_raises(ActionController::UnknownHttpMethod) do
+ @request.method
end
end
Please sign in to comment.
Something went wrong with that request. Please try again.