authorSantiago Pastorino <santiago@wyeworks.com>2011-04-06 12:05:58 -0300
committerSantiago Pastorino <santiago@wyeworks.com>2011-04-06 15:47:58 -0300
commit0c5aded0922f80bd1a31c7d2a3974469a18160a8 (patch)
tree0cca53fa9dbddb4d63b31090b9c1d44d4f148a0e /actionpack/lib
parent90ecad0bc944fc3adb847c0c754d8f0dc2bed4b5 (diff)
raise if someone tries to modify the cookies when it was already streamed back to the client or converted to HTTP headers
Diffstat (limited to 'actionpack/lib')
-rw-r--r--actionpack/lib/action_dispatch/middleware/cookies.rb12
1 files changed, 12 insertions, 0 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb
index 7ac608f0a8..67c4b83d45 100644
--- a/actionpack/lib/action_dispatch/middleware/cookies.rb
+++ b/actionpack/lib/action_dispatch/middleware/cookies.rb
@@ -115,10 +115,15 @@ module ActionDispatch
@delete_cookies = {}
@host = host
@secure = secure
+ @closed = false
super()
end
+ attr_reader :closed
+ alias :closed? :closed
+ def close!; @closed = true end
+
# Returns the value of the cookie by +name+, or +nil+ if no such cookie exists.
def [](name)
super(name.to_s)
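Review bot: The new `closed`, `closed?` and `close!` members are added without any comment, and the one-line `def close!; @closed = true end` is easy to miss between the constructor and `[]`. A short comment such as `# Marks the jar as closed; any later []= raises ClosedError.` above `close!` would tell callers that closing is one-way, since the hunk adds no way to reopen the jar. The `!` suffix is also unusual here because there is no non-bang `close` counterpart. The enclosing class starts outside the hunk.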
@@ -145,6 +150,7 @@ module ActionDispatch
# Sets the cookie named +name+. The second argument may be the very cookie
# value, or a hash of options as documented above.
def []=(key, options)
+ raise ClosedError, :cookies if closed?
if options.is_a?(Hash)
options.symbolize_keys!
value = options[:value]
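Review bot: The closed check is added to `[]=` only, so other mutating methods on the jar are not covered by this commit. If the jar's `delete` (not shown on this page) also records changes for the response, a deletion made after the headers were written would still be dropped without any error. That matters most on logout or session-reset paths, where a cookie the code believes it cleared stays in the browser. Consider the same guard at the top of `delete`, `raise ClosedError, :cookies if closed?`. The body of `[]=` continues past the end of the hunk.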
@@ -225,6 +231,7 @@ module ActionDispatch
end
def []=(key, options)
+ raise ClosedError, :cookies if closed?
if options.is_a?(Hash)
options.symbolize_keys!
else
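Review bot: `closed?` in this `[]=` is evaluated on the receiver, but the only `close!` call in the commit, in the middleware's `call`, closes the jar obtained from the request. If this class (its header is outside the hunk) wraps another jar and keeps its own instance state, its `@closed` is never set and the guard can never fire; the same applies to the `[]=` in the hunk at -263, which signs the value with `@verifier`. Checking the jar that is actually written through would make the guard effective, e.g. `raise ClosedError, :cookies if <wrapped_jar>.closed?` (placeholder name). A test that closes the request jar and then writes through each wrapper would confirm the behaviour either way.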
@@ -263,6 +270,7 @@ module ActionDispatch
end
def []=(key, options)
+ raise ClosedError, :cookies if closed?
if options.is_a?(Hash)
options.symbolize_keys!
options[:value] = @verifier.generate(options[:value])
@@ -305,6 +313,7 @@ module ActionDispatch
end
def call(env)
+ cookie_jar = nil
status, headers, body = @app.call(env)
if cookie_jar = env['action_dispatch.cookies']
@@ -315,6 +324,9 @@ module ActionDispatch
end
[status, headers, body]
+ ensure
+ cookie_jar = ActionDispatch::Request.new(env).cookie_jar unless cookie_jar
+ cookie_jar.close!
end
end
end
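Review bot: The `ensure` block runs `ActionDispatch::Request.new(env).cookie_jar` whenever `cookie_jar` is still nil, which includes the case where `@app.call` raised. If building the jar fails there, that error replaces the exception already propagating from the application and the original failure is lost from logs. The reason for building a jar just to close it is also not stated; presumably it ensures that a write during body streaming meets a closed jar. A comment like `# Build the jar even if the app never touched cookies, so late writes raise instead of being lost.` would record that, if it is the intent. Worth confirming that `cookie_jar` cannot raise on a malformed Cookie header, or guarding the lookup so the original exception survives.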