Ruby on Rails | Screencasts | Download | Documentation | Weblog | Community | Source

Changeset 8245

Show
Ignore:
Timestamp:
11/30/07 21:04:57 (1 year ago)
Author:
david
Message:

Fixed that verification violations with no specified action didn't halt the chain (now they do with a 400 Bad Request) [DHH]

Files:

Legend:

Unmodified
Added
Removed
Modified
Copied
Moved

  • trunk/actionpack/CHANGELOG

    r8235 r8245  
     1*SVN* 
     2 
     3* Fixed that verification violations with no specified action didn't halt the chain (now they do with a 400 Bad Request) [DHH] 
     4 
     5 
    16*2.0.0 [RC2]* (November 28th, 2007) 
    27 

  • trunk/actionpack/lib/action_controller/verification.rb

    r8106 r8245  
    1313    # 
    1414    # When a verification is violated, values may be inserted into the flash, and 
    15     # a specified redirection is triggered. 
     15    # a specified redirection is triggered. If no specific action is configured, 
     16    # verification failures will by default result in a 400 Bad Request response. 
    1617    # 
    1718    # Usage: 
     
    8283        [*options[:params] ].find { |v| params[v].nil?  } || 
    8384        [*options[:session]].find { |v| session[v].nil? } || 
    84         [*options[:flash]  ].find { |v| flash[v].nil?   
     85        [*options[:flash]  ].find { |v| flash[v].nil?   
    8586       
    8687      if !prereqs_invalid && options[:method] 
     
    9495        flash.update(options[:add_flash]) if options[:add_flash] 
    9596        response.headers.update(options[:add_headers]) if options[:add_headers] 
     97 
    9698        unless performed? 
    97           render(options[:render]) if options[:render] 
    98           options[:redirect_to] = self.send!(options[:redirect_to]) if options[:redirect_to].is_a? Symbol 
    99           redirect_to(options[:redirect_to]) if options[:redirect_to] 
     99          case 
     100          when options[:render] 
     101            render(options[:render]) 
     102          when options[:redirect_to] 
     103            options[:redirect_to] = self.send!(options[:redirect_to]) if options[:redirect_to].is_a?(Symbol) 
     104            redirect_to(options[:redirect_to]) 
     105          else 
     106            head(:bad_request) 
     107          end 
    100108        end 
    101109      end 
    102110    end 
     111 
    103112    private :verify_action 
    104113  end 

  • trunk/actionpack/test/controller/verification_test.rb

    r6422 r8245  
    3838           :redirect_to => :foo_url 
    3939 
     40    verify :only => :no_default_action, :params => "santa" 
     41 
    4042    def guarded_one 
    4143      render :text => "#{params[:one]}" 
     
    8890    def must_be_post 
    8991      render :text => "Was a post!" 
     92    end 
     93     
     94    def no_default_action 
     95      # Will never run 
    9096    end 
    9197     
     
    230236  end 
    231237     
     238  def test_default_failure_should_be_a_bad_request 
     239    post :no_default_action 
     240    assert_response :bad_request 
     241  end 
     242     
    232243  def test_guarded_post_and_calls_render_fails_and_sets_allow_header 
    233244    get :must_be_post