author | rick <rick@spacemonkey.local> | 2008-05-06 00:42:24 -0700 |
---|---|---|
committer | rick <rick@spacemonkey.local> | 2008-05-06 00:42:24 -0700 |
commit | 0697d17d121fcf9f46b5dd2dd1034dffa19ebdf2 (patch) | |
tree | fae506c6f6ef3ec7b3fb05601bb61128903fd114 /actionpack/CHANGELOG | |
parent | 04f52219f11944e50555dc59917c73c99581dac0 (diff) | |
Change the request forgery protection to go by Content-Type instead of request.format so that you can't bypass it by POSTing to "#{request.uri}.xml" [#73 state:resolved]
Diffstat (limited to 'actionpack/CHANGELOG')
-rw-r--r-- | actionpack/CHANGELOG | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG index 54030047ba..87f570d55c 100644 --- a/actionpack/CHANGELOG +++ b/actionpack/CHANGELOG @@ -1,5 +1,7 @@ *SVN* +* Change the request forgery protection to go by Content-Type instead of request.format so that you can't bypass it by POSTing to "#{request.uri}.xml" [rick] + * Fixed that TextHelper#text_field would corrypt when raw HTML was used as the value (mchenryc, Kevin Glowacz) [#80] * Added ActionController::TestCase#rescue_action_in_public! to control whether the action under test should use the regular rescue_action path instead of simply raising the exception inline (great for error testing) [DHH] |
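Review bot: The added entry under *SVN* credits [rick] but leaves out the ticket reference that the commit message carries ([#73]), while the entry right below it cites its ticket as [#80]; append [#73] so the changelog line can be traced back to the report. The entry also does not name which Content-Type values are still subject to the forgery check and which are exempt, so someone upgrading cannot tell from the changelog whether clients that POST non-form bodies are affected; a short clause listing the verified types would make the behaviour change clear. This view is limited to actionpack/CHANGELOG, so the controller change and any test covering a POST to a ".xml" URI with a form Content-Type need to be reviewed in the full diff.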