Changeset 8235
- Timestamp:
- 11/29/07 02:08:51 (9 months ago)
- Files:
-
- trunk/actionpack/CHANGELOG (modified) (1 diff)
- trunk/actionpack/lib/action_controller/base.rb (modified) (1 diff)
- trunk/actionpack/lib/action_controller/request.rb (modified) (4 diffs)
- trunk/actionpack/test/controller/request_test.rb (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
trunk/actionpack/CHANGELOG
r8234 r8235 1 1 *2.0.0 [RC2]* (November 28th, 2007) 2 3 * Raise UnknownHttpMethod exception for unknown HTTP methods. Closes #10303 [tarmo] 2 4 3 5 * Update to Prototype -r8232. [sam] trunk/actionpack/lib/action_controller/base.rb
r8215 r8235 86 86 end 87 87 88 class UnknownHttpMethod < ActionControllerError #:nodoc: 89 end 88 90 89 91 # Action Controllers are the core of a web request in Rails. They are made up of one or more actions that are executed trunk/actionpack/lib/action_controller/request.rb
r8164 r8235 4 4 5 5 module ActionController 6 # HTTP methods which are accepted by default. 7 ACCEPTED_HTTP_METHODS = Set.new(%w( get head put post delete )) 8 6 9 # CgiRequest and TestRequest provide concrete implementations. 7 10 class AbstractRequest … … 13 16 attr_reader :env 14 17 18 # The true HTTP request method as a lowercase symbol, such as :get. 19 # UnknownHttpMethod is raised for invalid methods not listed in ACCEPTED_HTTP_METHODS. 20 def request_method 21 @request_method ||= begin 22 method = ((@env['REQUEST_METHOD'] == 'POST' && !parameters[:_method].blank?) ? parameters[:_method].to_s : @env['REQUEST_METHOD']).downcase 23 if ACCEPTED_HTTP_METHODS.include?(method) 24 method.to_sym 25 else 26 raise UnknownHttpMethod, "#{method}, accepted HTTP methods are #{ACCEPTED_HTTP_METHODS.to_a.to_sentence}" 27 end 28 end 29 end 30 15 31 # The HTTP request method as a lowercase symbol, such as :get. 16 32 # Note, HEAD is returned as :get since the two are functionally 17 33 # equivalent from the application's perspective. 18 34 def method 19 @request_method ||= 20 if @env['REQUEST_METHOD'] == 'POST' && !parameters[:_method].blank? 21 parameters[:_method].to_s.downcase.to_sym 22 else 23 @env['REQUEST_METHOD'].downcase.to_sym 24 end 25 26 @request_method == :head ? :get : @request_method 35 request_method == :head ? :get : request_method 27 36 end 28 37 … … 34 43 # Is this a POST request? Equivalent to request.method == :post 35 44 def post? 36 method == :post45 request_method == :post 37 46 end 38 47 39 48 # Is this a PUT request? Equivalent to request.method == :put 40 49 def put? 41 method == :put50 request_method == :put 42 51 end 43 52 44 53 # Is this a DELETE request? Equivalent to request.method == :delete 45 54 def delete? 46 method == :delete55 request_method == :delete 47 56 end 48 57 … … 50 59 # HTTP method directly. 51 60 def head? 52 @env['REQUEST_METHOD'].downcase.to_sym== :head61 request_method == :head 53 62 end 54 63 trunk/actionpack/test/controller/request_test.rb
r8164 r8235 307 307 end 308 308 309 def test_invalid_http_method_raises_exception 310 set_request_method_to :random_method 311 assert_raises(ActionController::UnknownHttpMethod) do 312 @request.method 313 end 314 end 315 309 316 def test_allow_method_hacking_on_post 310 317 set_request_method_to :post 311 [:get, : put, :delete].each do |method|318 [:get, :head, :put, :post, :delete].each do |method| 312 319 @request.instance_eval { @parameters = { :_method => method } ; @request_method = nil } 313 assert_equal method, @request.method 320 assert_equal(method == :head ? :get : method, @request.method) 321 end 322 end 323 324 def test_invalid_method_hacking_on_post_raises_exception 325 set_request_method_to :post 326 @request.instance_eval { @parameters = { :_method => :random_method } ; @request_method = nil } 327 assert_raises(ActionController::UnknownHttpMethod) do 328 @request.method 314 329 end 315 330 end
