Test that ActionDispatch::IntegrationTest does not leak parameters

author: Nick Sieger <nick@nicksieger.com> 2016-07-28 14:12:55 -0500
committer: Nick Sieger <nick@nicksieger.com> 2016-07-28 14:12:55 -0500
commit: 273a691dfd6f77a79ce99f50905024fcdc02e67f (patch)
tree: 22f3821007831064b391fa56b62d90556d5dec9b
parent: 407583478ad6d171ae72f81c560bf01c1446117f (diff)
download: rails-273a691dfd6f77a79ce99f50905024fcdc02e67f.tar.gz
rails-273a691dfd6f77a79ce99f50905024fcdc02e67f.tar.bz2
rails-273a691dfd6f77a79ce99f50905024fcdc02e67f.zip
1 files changed, 14 insertions, 0 deletions
diff --git a/actionpack/test/controller/integration_test.rb b/actionpack/test/controller/integration_test.rb
index 3b89531e90..e02b0b267d 100644
--- a/actionpack/test/controller/integration_test.rb
+++ b/actionpack/test/controller/integration_test.rb
@@ -625,6 +625,20 @@ class IntegrationProcessTest < ActionDispatch::IntegrationTest
     end
   end
 
+  def test_post_then_get_with_parameters_do_not_leak_across_requests
+    with_test_route_set do
+      post '/post', params: { leaks: "does-leak?" }
+
+      get '/get_with_params', params: { foo: "bar" }
+
+      assert request.env['rack.input'].string.empty?
+      assert_equal 'foo=bar', request.env["QUERY_STRING"]
+      assert_equal 'foo=bar', request.query_string
+      assert_equal 'bar', request.parameters['foo']
+      assert request.parameters['leaks'].nil?
+    end
+  end
+
   def test_head
     with_test_route_set do
       head '/get'
author	Nick Sieger <nick@nicksieger.com>	2016-07-28 14:12:55 -0500
committer	Nick Sieger <nick@nicksieger.com>	2016-07-28 14:12:55 -0500
commit	273a691dfd6f77a79ce99f50905024fcdc02e67f (patch)
tree	22f3821007831064b391fa56b62d90556d5dec9b
parent	407583478ad6d171ae72f81c560bf01c1446117f (diff)
download	rails-273a691dfd6f77a79ce99f50905024fcdc02e67f.tar.gz rails-273a691dfd6f77a79ce99f50905024fcdc02e67f.tar.bz2 rails-273a691dfd6f77a79ce99f50905024fcdc02e67f.zip