mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
6520ea5f7e
Allowing :controller and :action values to be specified via the path in config/routes.rb has been an underlying cause of a number of issues in Rails that have resulted in security releases. In light of this it's better that controllers and actions are explicitly whitelisted rather than trying to blacklist or sanitize 'bad' values. |
||
---|---|---|
.. | ||
json_params_parsing_test.rb | ||
multipart_params_parsing_test.rb | ||
query_string_parsing_test.rb | ||
session_test.rb | ||
url_encoded_params_parsing_test.rb |