
Merge pull request #25965 from nicksieger/ac_test_case_reset_rack_input

Reset rack.input when the environment is scrubbed for the next request
guilleiguaran committed Jul 28, 2016
2 parents b37bd3d + 273a691 commit 3916656f8e9700eb5f1cfc441ff66e1f12173683
@@ -620,6 +620,7 @@ def scrub_env!(env)
env.delete_if { |k, v| k =~ /^action_dispatch\.rescue/ }
env.delete 'action_dispatch.request.query_parameters'
env.delete 'action_dispatch.request.request_parameters'
env['rack.input'] = StringIO.new
env
end
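Review bot: The `env['rack.input'] = StringIO.new` line in scrub_env! has no comment saying why the body is replaced, and the neighbouring deletes do not make the reason obvious. They remove the cached parsed parameters, but the previous request's raw body would otherwise stay readable and could be parsed again for the next request. I would put `# Replace the previous request's body so it cannot be re-parsed into the next request's parameters.` above it. The +/- markers are lost on this page, so which line is new is inferred from the commit title, and scrub_env! begins outside the hunk.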
@@ -625,6 +625,20 @@ def test_get_with_parameters
end
end
def test_post_then_get_with_parameters_do_not_leak_across_requests
with_test_route_set do
post '/post', params: { leaks: "does-leak?" }
get '/get_with_params', params: { foo: "bar" }
assert request.env['rack.input'].string.empty?
assert_equal 'foo=bar', request.env["QUERY_STRING"]
assert_equal 'foo=bar', request.query_string
assert_equal 'bar', request.parameters['foo']
assert request.parameters['leaks'].nil?
end
end
def test_head
with_test_route_set do
head '/get'
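Review bot: The two bare `assert` calls in test_post_then_get_with_parameters_do_not_leak_across_requests only report a failed truth check, so a regression would not show which value carried over from the POST. `assert_empty request.env['rack.input'].string` and `assert_nil request.parameters['leaks']` would print the leaked body or parameter in the failure message. The test also covers only POST followed by GET; a POST followed by a body-less non-GET request would exercise the same reset and may be worth a second case.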
@@ -854,6 +854,14 @@ def test_should_detect_if_cookie_is_deleted
assert_nil cookies['foo']
end
def test_multiple_mixed_method_process_should_scrub_rack_input
post :test_params, params: { id: 1, foo: 'an foo' }
assert_equal({"id"=>"1", "foo" => "an foo", "controller"=>"test_case_test/test", "action"=>"test_params"}, ::JSON.parse(@response.body))
get :test_params, params: { bar: 'an bar' }
assert_equal({"bar"=>"an bar", "controller"=>"test_case_test/test", "action"=>"test_params"}, ::JSON.parse(@response.body))
end
%w(controller response request).each do |variable|
%w(get post put delete head process).each do |method|
define_method("test_#{variable}_missing_for_#{method}_raises_error") do
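Review bot: test_multiple_mixed_method_process_should_scrub_rack_input is named for the rack.input reset but asserts only on the parameters echoed in the response body. It would therefore still pass if the stale body were kept and merely ignored by parameter parsing. A direct check after the GET, for example `assert_empty @request.env['rack.input'].string`, would pin the mechanism. This assumes the GET path leaves the body empty in this test case class, which should be confirmed.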
