mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
Reset rack.input when the environment is scrubbed for the next request
Before this change, posted parameters would leak across requests. The included test case failed like so:

1) Failure:
TestCaseTest#test_multiple_mixed_method_process_should_scrub_rack_input:
--- expected
+++ actual
@@ -1 +1 @@
-{"bar"=>"an bar", "controller"=>"test_case_test/test", "action"=>"test_params"}
+{"foo"=>"an foo", "bar"=>"an bar", "controller"=>"test_case_test/test", "action"=>"test_params"}

An argument could be made that this situation isn't encountered often and that one should limit the number of requests per test case, but I still think the parameter leaking is an unexpected side-effect.
parent
7e6996a1b3
commit
407583478a
2 changed files with 9 additions and 0 deletions
|
@ -620,6 +620,7 @@ module ActionController
|
||||||
env.delete_if { |k, v| k =~ /^action_dispatch\.rescue/ }
|
env.delete_if { |k, v| k =~ /^action_dispatch\.rescue/ }
|
||||||
env.delete 'action_dispatch.request.query_parameters'
|
env.delete 'action_dispatch.request.query_parameters'
|
||||||
env.delete 'action_dispatch.request.request_parameters'
|
env.delete 'action_dispatch.request.request_parameters'
|
||||||
|
env['rack.input'] = StringIO.new
|
||||||
env
|
env
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
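Review bot: The added `env['rack.input'] = StringIO.new` clears the previous body, but nothing visible in this hunk clears the headers that describe that body, so `CONTENT_LENGTH` and `CONTENT_TYPE` from an earlier POST may still be in `env` when the next request is built. The method starts above the hunk, so this may already be handled there; if not, they should be scrubbed alongside the input so a bodiless request is not described as carrying a form payload. The new line also deserves a why-comment, for example `# Drop the previous request's body so its form parameters are not parsed into the next request`. State carried between requests in the test harness matters because it can make a controller test pass on parameters the request under test never sent.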
@ -854,6 +854,14 @@ XML
|
||||||
assert_nil cookies['foo']
|
assert_nil cookies['foo']
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def test_multiple_mixed_method_process_should_scrub_rack_input
|
||||||
|
post :test_params, params: { id: 1, foo: 'an foo' }
|
||||||
|
assert_equal({"id"=>"1", "foo" => "an foo", "controller"=>"test_case_test/test", "action"=>"test_params"}, ::JSON.parse(@response.body))
|
||||||
|
|
||||||
|
get :test_params, params: { bar: 'an bar' }
|
||||||
|
assert_equal({"bar"=>"an bar", "controller"=>"test_case_test/test", "action"=>"test_params"}, ::JSON.parse(@response.body))
|
||||||
|
end
|
||||||
|
|
||||||
%w(controller response request).each do |variable|
|
%w(controller response request).each do |variable|
|
||||||
%w(get post put delete head process).each do |method|
|
%w(get post put delete head process).each do |method|
|
||||||
define_method("test_#{variable}_missing_for_#{method}_raises_error") do
|
define_method("test_#{variable}_missing_for_#{method}_raises_error") do
|
||||||
|
|
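Review bot: The regression test in this hunk observes the leak only through the JSON that `test_params` renders, which presumably is the merged `params` hash, so a failure does not show which parameter source still holds the stale value. An assertion on the request itself after the `get`, something like `assert_empty @request.request_parameters` (to be confirmed against the test request API in this version), would pin the scrubbed state directly. A one-line comment above the second request would also help, for example `# the GET must not see 'foo' from the earlier POST body`.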