Permalink
Browse files

Guard correctly against overwritten REQUEST_METHOD via e.g. Rails mid…

…dleware. Also add Mocha requirement to project.
  • Loading branch information...
1 parent 7d02b8a commit b2b4139cd993f704e3db29f51c00c8cecc1efcbe @Soleone Soleone committed with josevalim Nov 17, 2010
Showing with 11 additions and 1 deletion.
  1. +1 −1 lib/action_controller/verification.rb
  2. +2 −0 test/test_helper.rb
  3. +8 −0 test/verification_test.rb
@@ -108,7 +108,7 @@ def verify_presence_of_keys_in_hash_flash_or_params(options) # :nodoc:
end
def verify_method(options) # :nodoc:
- [*options[:method]].all? { |v| request.method_symbol != v.to_sym } if options[:method]
+ [*options[:method]].all? { |v| request.request_method_symbol != v.to_sym } if options[:method]
end
def verify_request_xhr_status(options) # :nodoc:
View
@@ -2,6 +2,8 @@
require 'test/unit'
require 'active_support'
require 'action_controller'
+require 'mocha'
+
require File.dirname(__FILE__) + '/../lib/action_controller/verification'
SharedTestRoutes = ActionDispatch::Routing::RouteSet.new
@@ -267,4 +267,12 @@ def test_guarded_post_and_calls_render_fails_and_sets_allow_header
def test_second_redirect
assert_nothing_raised { get :two_redirects }
end
+
+ def test_guarded_http_method_respects_overwritten_request_method
+ # Overwrite http method on application level like Rails supports via sending a _method parameter
+ @request.stubs(:request_method).returns('POST')
+
+ put :must_be_post
+ assert_equal "Was a post!", @response.body
+ end
end

0 comments on commit b2b4139

Please sign in to comment.