Ticket #10739 (closed defect: fixed)

Opened 8 months ago

Last modified 8 months ago

[PATCH] ActionView::Helpers::ActiveRecordHelper::form() is broken when protect_from_forgery is used

Reported by: jeremyevans
Assigned to: core
Priority: normal
Milestone: 2.x
Component: ActionPack
Version: edge
Severity: normal
Keywords: tiny
Cc:

Description

ActionView::Helpers::ActiveRecordHelper::form() is broken when using protect_from_forgery, which means it is broken by default in Rails 2.0. It's broken because it doesn't include the token_tag, like the other methods that create form tags do. This is a simple one-line patch that fixes it. As form_for doesn't have tests that relate to the CSRF protection, none are included here.
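
The failure mode described above, as an added example that is not part of the ticket, its attachments or the Rails source: a plain-Ruby model in which a form built without the hidden token field is rejected by the server-side check and the same form with the field is accepted. `Session`, `InvalidToken`, `token_field`, `form_without_token`, `form_with_token`, `submitted_params`, `secure_equal?` and `verify_request!` are hypothetical names, and the field name `authenticity_token` is assumed.

```ruby
require "securerandom"
require "cgi"
# Simplified model; all names are hypothetical stand-ins, not Rails internals.
class InvalidToken < StandardError; end
Session = Struct.new(:csrf_token)

# Plays the role of token_tag: a hidden field carrying the session's token.
def token_field(session)
  value = CGI.escapeHTML(session.csrf_token)
  %(<input type="hidden" name="authenticity_token" value="#{value}" />)
end

# Behaviour reported in the ticket: the form is built without the token field.
def form_without_token(action)
  %(<form action="#{action}" method="post"><input name="post[title]" value="hi" /></form>)
end

# Behaviour after the fix: the token field is emitted inside the form.
def form_with_token(action, session)
  form_without_token(action).sub(/(<form\b[^>]*>)/) { $1 + token_field(session) }
end

# Name/value pairs a browser would submit from the form's inputs.
def submitted_params(html)
  html.scan(/<input\b[^>]*>/).each_with_object({}) do |tag, params|
    name = tag[/name="([^"]*)"/, 1]
    params[name] = CGI.unescapeHTML(tag[/value="([^"]*)"/, 1].to_s) if name
  end
end

# Compare without exiting early on the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Server-side check: any non-GET request must carry the session's token.
def verify_request!(http_method, params, session)
  return true if http_method == :get
  sent = params["authenticity_token"].to_s
  raise InvalidToken, "token missing or wrong" unless secure_equal?(sent, session.csrf_token)
  true
end

session = Session.new(SecureRandom.hex(16)) # constructed sample session
broken = submitted_params(form_without_token("/posts"))
fixed  = submitted_params(form_with_token("/posts", session))
puts "broken form sends token? #{broken.key?('authenticity_token')}"
puts "fixed form accepted?     #{verify_request!(:post, fixed, session)}"
```

A regression test for a form helper can assert the same two things: the rendered markup contains the hidden token field, and a POST built from that markup passes verification.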

Attachments

fix_form_with_csrf.diff (0.6 kB) - added by jeremyevans on 01/08/08 00:04:33.
fix_form_with_csrf2.diff (3.0 kB) - added by jeremyevans on 01/10/08 20:31:04.
Change implementation, allow overwrite of method, add tests
fix_form_with_csrf3.diff (3.9 kB) - added by jeremyevans on 01/11/08 00:03:03.
Add docs

Change History

01/08/08 00:04:33 changed by jeremyevans

  • attachment fix_form_with_csrf.diff added.

01/08/08 00:06:38 changed by jeremyevans

  • keywords set to tiny.

01/08/08 00:51:55 changed by josh

You should probably add some unit tests as well.

01/10/08 20:31:04 changed by jeremyevans

  • attachment fix_form_with_csrf2.diff added.

Change implementation, allow overwrite of method, add tests

01/10/08 22:21:11 changed by nzkoz

If you want to add that new functionality, you'll need to update the docs to reflect it.

01/11/08 00:03:03 changed by jeremyevans

  • attachment fix_form_with_csrf3.diff added.

Add docs

01/11/08 00:05:09 changed by jeremyevans

OK, docs added, detailing all of the options, even the ones previously undocumented (:submit_value and :multipart).

01/11/08 16:25:26 changed by david

  • status changed from new to closed.
  • resolution set to fixed.

(In [8626]) Fixed ActionView::Helpers::ActiveRecordHelper::form for when protect_from_forgery is used (closes #10739) [jeremyevans]