author | Santiago Pastorino <santiago@wyeworks.com> | 2011-04-06 12:05:58 -0300 |
---|---|---|
committer | Santiago Pastorino <santiago@wyeworks.com> | 2011-04-06 15:47:58 -0300 |
commit | 0c5aded0922f80bd1a31c7d2a3974469a18160a8 (patch) | |
tree | 0cca53fa9dbddb4d63b31090b9c1d44d4f148a0e /actionpack/lib/action_dispatch/middleware | |
parent | 90ecad0bc944fc3adb847c0c754d8f0dc2bed4b5 (diff) | |
raise if someone tries to modify the cookies when it was already streamed back to the client or converted to HTTP headers
Diffstat (limited to 'actionpack/lib/action_dispatch/middleware')
-rw-r--r-- | actionpack/lib/action_dispatch/middleware/cookies.rb | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb
index 7ac608f0a8..67c4b83d45 100644
--- a/actionpack/lib/action_dispatch/middleware/cookies.rb
+++ b/actionpack/lib/action_dispatch/middleware/cookies.rb
@@ -115,10 +115,15 @@ module ActionDispatch
 @delete_cookies = {}
 @host = host
 @secure = secure
+ @closed = false
 super()
 end
+ attr_reader :closed
+ alias :closed? :closed
+ def close!; @closed = true end
+
 # Returns the value of the cookie by +name+, or +nil+ if no such cookie exists.
 def [](name)
 super(name.to_s)
@@ -145,6 +150,7 @@ module ActionDispatch
 # Sets the cookie named +name+. The second argument may be the very cookie
 # value, or a hash of options as documented above.
 def []=(key, options)
+ raise ClosedError, :cookies if closed?
 if options.is_a?(Hash)
 options.symbolize_keys!
 value = options[:value]
@@ -225,6 +231,7 @@ module ActionDispatch
 end
 def []=(key, options)
+ raise ClosedError, :cookies if closed?
 if options.is_a?(Hash)
 options.symbolize_keys!
 else
@@ -263,6 +270,7 @@ module ActionDispatch
 end
 def []=(key, options)
+ raise ClosedError, :cookies if closed?
 if options.is_a?(Hash)
 options.symbolize_keys!
 options[:value] = @verifier.generate(options[:value])
@@ -305,6 +313,7 @@ module ActionDispatch
 end
 def call(env)
+ cookie_jar = nil
 status, headers, body = @app.call(env)
 if cookie_jar = env['action_dispatch.cookies']
@@ -315,6 +324,9 @@ module ActionDispatch
 end
 [status, headers, body]
+ ensure
+ cookie_jar = ActionDispatch::Request.new(env).cookie_jar unless cookie_jar
+ cookie_jar.close!
 end
 end
 end
|
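Review bot: Only `[]=` is guarded by the new closed flag in this commit, so any other mutator on the jar would still succeed silently after `close!`. The important case would be a `delete` method, if the class has one outside these hunks: a cookie removal (for example on sign-out) that never reaches the response would fail with no signal to the caller. I would put the same `raise ClosedError, :cookies if closed?` at the top of each such method. The three new methods in the hunk at 115 are also undocumented; a comment such as `# True once the jar has been written to the response headers; later writes raise ClosedError.` above `attr_reader :closed` would state the contract. The class body starts and ends outside the hunk.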
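Review bot: Neither `closed?` nor `ClosedError` is defined in this diff for the classes that own the `[]=` guards in the hunks at 231 and 270. Each of those hunks opens with an `end` before `def []=`, so they appear to belong to different jar classes than the one that gains `attr_reader :closed` at 115. If those classes wrap the main jar, confirm that `closed?` is forwarded to it; otherwise a late write raises NoMethodError instead of ClosedError and the intended error is lost. It is also worth confirming that `ClosedError` resolves inside `ActionDispatch` from this file's load order. All three `[]=` bodies continue outside their hunks.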
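Review bot: The new `ensure` clause in `call` (hunk at 324, with the `cookie_jar = nil` initialiser in the hunk at 313) does work that can itself raise. When `@app.call(env)` fails before a jar exists, `ActionDispatch::Request.new(env).cookie_jar` builds one, and an exception raised there would replace the application's original error. It also builds a jar for every request that never touched cookies, presumably so that a later access gets the already-closed instance; that depends on the jar being memoised in `env`, which is not visible here. I would document the intent with `# Build the jar if it was never used so that any later access sees it closed.` and write the assignment as `cookie_jar ||= ActionDispatch::Request.new(env).cookie_jar`.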