1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00

Fixed that verification violations with no specified action didn't halt the chain (now they do with a 400 Bad Request) [DHH]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8245 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
This commit is contained in:
David Heinemeier Hansson 2007-11-30 21:04:57 +00:00
parent b6d255559e
commit e03f13c553
3 changed files with 31 additions and 6 deletions

View file

@ -1,3 +1,8 @@
*SVN*
* Fixed that verification violations with no specified action didn't halt the chain (now they do with a 400 Bad Request) [DHH]
*2.0.0 [RC2]* (November 28th, 2007)
* Raise UnknownHttpMethod exception for unknown HTTP methods. Closes #10303 [tarmo]

View file

@ -12,7 +12,8 @@ module ActionController #:nodoc:
# parameters being set, or without certain session values existing.
#
# When a verification is violated, values may be inserted into the flash, and
# a specified redirection is triggered.
# a specified redirection is triggered. If no specific action is configured,
# verification failures will by default result in a 400 Bad Request response.
#
# Usage:
#
@ -93,13 +94,21 @@ module ActionController #:nodoc:
if prereqs_invalid
flash.update(options[:add_flash]) if options[:add_flash]
response.headers.update(options[:add_headers]) if options[:add_headers]
unless performed?
render(options[:render]) if options[:render]
options[:redirect_to] = self.send!(options[:redirect_to]) if options[:redirect_to].is_a? Symbol
redirect_to(options[:redirect_to]) if options[:redirect_to]
case
when options[:render]
render(options[:render])
when options[:redirect_to]
options[:redirect_to] = self.send!(options[:redirect_to]) if options[:redirect_to].is_a?(Symbol)
redirect_to(options[:redirect_to])
else
head(:bad_request)
end
end
end
end
private :verify_action
end
end

View file

@ -37,6 +37,8 @@ class VerificationTest < Test::Unit::TestCase
verify :only => :guarded_one_for_named_route_test, :params => "one",
:redirect_to => :foo_url
verify :only => :no_default_action, :params => "santa"
def guarded_one
render :text => "#{params[:one]}"
end
@ -89,6 +91,10 @@ class VerificationTest < Test::Unit::TestCase
render :text => "Was a post!"
end
def no_default_action
# Will never run
end
protected
def rescue_action(e) raise end
@ -229,6 +235,11 @@ class VerificationTest < Test::Unit::TestCase
assert_equal "Was a post!", @response.body
end
def test_default_failure_should_be_a_bad_request
post :no_default_action
assert_response :bad_request
end
def test_guarded_post_and_calls_render_fails_and_sets_allow_header
get :must_be_post
assert_response 405