Fixed that verification violations with no specified action didn't halt the chain (now they do with a 400 Bad Request) [DHH]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8245 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
author: David Heinemeier Hansson <david@loudthinking.com> 2007-11-30 21:04:57 +0000
committer: David Heinemeier Hansson <david@loudthinking.com> 2007-11-30 21:04:57 +0000
commit: e03f13c5538e38b501014fd5702309bcd7e16cbb (patch)
tree: c5e266e897a885c6dab7aa657c13284c9dc2c285 /actionpack/lib/action_controller
parent: b6d255559eeead2b95f6c5e4035f4b82d2b88355 (diff)
download: rails-e03f13c5538e38b501014fd5702309bcd7e16cbb.tar.gz
rails-e03f13c5538e38b501014fd5702309bcd7e16cbb.tar.bz2
rails-e03f13c5538e38b501014fd5702309bcd7e16cbb.zip
1 files changed, 15 insertions, 6 deletions
diff --git a/actionpack/lib/action_controller/verification.rb b/actionpack/lib/action_controller/verification.rb
index 8550f24526..e5045fba7c 100644
--- a/actionpack/lib/action_controller/verification.rb
+++ b/actionpack/lib/action_controller/verification.rb
@@ -12,7 +12,8 @@ module ActionController #:nodoc:
     # parameters being set, or without certain session values existing.
     #
     # When a verification is violated, values may be inserted into the flash, and
-    # a specified redirection is triggered.
+    # a specified redirection is triggered. If no specific action is configured,
+    # verification failures will by default result in a 400 Bad Request response.
     #
     # Usage:
     #
@@ -81,7 +82,7 @@ module ActionController #:nodoc:
       prereqs_invalid =
         [*options[:params] ].find { |v| params[v].nil?  } ||
         [*options[:session]].find { |v| session[v].nil? } ||
-        [*options[:flash]  ].find { |v| flash[v].nil?    }
+        [*options[:flash]  ].find { |v| flash[v].nil?   }
       
       if !prereqs_invalid && options[:method]
         prereqs_invalid ||= 
@@ -93,13 +94,21 @@ module ActionController #:nodoc:
       if prereqs_invalid
         flash.update(options[:add_flash]) if options[:add_flash]
         response.headers.update(options[:add_headers]) if options[:add_headers]
+
         unless performed?
-          render(options[:render]) if options[:render]
-          options[:redirect_to] = self.send!(options[:redirect_to]) if options[:redirect_to].is_a? Symbol
-          redirect_to(options[:redirect_to]) if options[:redirect_to]
+          case
+          when options[:render]
+            render(options[:render])
+          when options[:redirect_to]
+            options[:redirect_to] = self.send!(options[:redirect_to]) if options[:redirect_to].is_a?(Symbol)
+            redirect_to(options[:redirect_to])
+          else
+            head(:bad_request)
+          end
         end
       end
     end
+
     private :verify_action
   end
-end
+end
+\ No newline at end of file
author	David Heinemeier Hansson <david@loudthinking.com>	2007-11-30 21:04:57 +0000
committer	David Heinemeier Hansson <david@loudthinking.com>	2007-11-30 21:04:57 +0000
commit	e03f13c5538e38b501014fd5702309bcd7e16cbb (patch)
tree	c5e266e897a885c6dab7aa657c13284c9dc2c285 /actionpack/lib/action_controller
parent	b6d255559eeead2b95f6c5e4035f4b82d2b88355 (diff)
download	rails-e03f13c5538e38b501014fd5702309bcd7e16cbb.tar.gz rails-e03f13c5538e38b501014fd5702309bcd7e16cbb.tar.bz2 rails-e03f13c5538e38b501014fd5702309bcd7e16cbb.zip