diff options
| author | Guillermo Iguaran <guilleiguaran@gmail.com> | 2016-07-28 16:27:44 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2016-07-28 16:27:44 -0500 |
| commit | 3916656f8e9700eb5f1cfc441ff66e1f12173683 (patch) | |
| tree | 5b0e2c7a7c8ef392eb6869334c5c98b13097778a | |
| parent | b37bd3d52f4d06ec3452bdfcd6bc9c6bfcb27519 (diff) | |
| parent | 273a691dfd6f77a79ce99f50905024fcdc02e67f (diff) | |
| download | rails-3916656f8e9700eb5f1cfc441ff66e1f12173683.tar.gz rails-3916656f8e9700eb5f1cfc441ff66e1f12173683.tar.bz2 rails-3916656f8e9700eb5f1cfc441ff66e1f12173683.zip | |
Merge pull request #25965 from nicksieger/ac_test_case_reset_rack_input
Reset rack.input when the environment is scrubbed for the next request
| -rw-r--r-- | actionpack/lib/action_controller/test_case.rb | 1 | ||||
| -rw-r--r-- | actionpack/test/controller/integration_test.rb | 14 | ||||
| -rw-r--r-- | actionpack/test/controller/test_case_test.rb | 8 |
3 files changed, 23 insertions, 0 deletions
diff --git a/actionpack/lib/action_controller/test_case.rb b/actionpack/lib/action_controller/test_case.rb index b1b3e87934..6c5d7b5e37 100644 --- a/actionpack/lib/action_controller/test_case.rb +++ b/actionpack/lib/action_controller/test_case.rb @@ -620,6 +620,7 @@ module ActionController env.delete_if { |k, v| k =~ /^action_dispatch\.rescue/ } env.delete 'action_dispatch.request.query_parameters' env.delete 'action_dispatch.request.request_parameters' + env['rack.input'] = StringIO.new env end diff --git a/actionpack/test/controller/integration_test.rb b/actionpack/test/controller/integration_test.rb index 3b89531e90..e02b0b267d 100644 --- a/actionpack/test/controller/integration_test.rb +++ b/actionpack/test/controller/integration_test.rb @@ -625,6 +625,20 @@ class IntegrationProcessTest < ActionDispatch::IntegrationTest end end + def test_post_then_get_with_parameters_do_not_leak_across_requests + with_test_route_set do + post '/post', params: { leaks: "does-leak?" } + + get '/get_with_params', params: { foo: "bar" } + + assert request.env['rack.input'].string.empty? + assert_equal 'foo=bar', request.env["QUERY_STRING"] + assert_equal 'foo=bar', request.query_string + assert_equal 'bar', request.parameters['foo'] + assert request.parameters['leaks'].nil? + end + end + def test_head with_test_route_set do head '/get' diff --git a/actionpack/test/controller/test_case_test.rb b/actionpack/test/controller/test_case_test.rb index ea59156f65..e288b51716 100644 --- a/actionpack/test/controller/test_case_test.rb +++ b/actionpack/test/controller/test_case_test.rb @@ -854,6 +854,14 @@ XML assert_nil cookies['foo'] end + def test_multiple_mixed_method_process_should_scrub_rack_input + post :test_params, params: { id: 1, foo: 'an foo' } + assert_equal({"id"=>"1", "foo" => "an foo", "controller"=>"test_case_test/test", "action"=>"test_params"}, ::JSON.parse(@response.body)) + + get :test_params, params: { bar: 'an bar' } + assert_equal({"bar"=>"an bar", "controller"=>"test_case_test/test", "action"=>"test_params"}, ::JSON.parse(@response.body)) + end + %w(controller response request).each do |variable| %w(get post put delete head process).each do |method| define_method("test_#{variable}_missing_for_#{method}_raises_error") do |