Restrict Request Method hacking with ?_method to POST requests. [Rick Olson]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@4644 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
author: Rick Olson <technoweenie@gmail.com> 2006-08-01 03:02:31 +0000
committer: Rick Olson <technoweenie@gmail.com> 2006-08-01 03:02:31 +0000
commit: 58b996f9b03668573fef2696d583ff04191a5fa7 (patch)
tree: 2ccc8009579855748748e27d84d37d28da3128bc /actionpack/lib
parent: c9417dcef379ec3e87fed63d32636697c2d19939 (diff)
download: rails-58b996f9b03668573fef2696d583ff04191a5fa7.tar.gz
rails-58b996f9b03668573fef2696d583ff04191a5fa7.tar.bz2
rails-58b996f9b03668573fef2696d583ff04191a5fa7.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/actionpack/lib/action_controller/request.rb b/actionpack/lib/action_controller/request.rb
index 0802353405..35a486fee4 100755
--- a/actionpack/lib/action_controller/request.rb
+++ b/actionpack/lib/action_controller/request.rb
@@ -15,8 +15,8 @@ module ActionController
 
     # Returns the HTTP request method as a lowercase symbol (:get, for example)
     def method
-      @request_method ||= (method = parameters[:_method] && method == :post) ?
-        method.to_s.downcase.to_sym :
+      @request_method ||= (!parameters[:_method].blank? && @env['REQUEST_METHOD'] == 'POST') ?
+        parameters[:_method].to_s.downcase.to_sym :
         @env['REQUEST_METHOD'].downcase.to_sym
     end
author	Rick Olson <technoweenie@gmail.com>	2006-08-01 03:02:31 +0000
committer	Rick Olson <technoweenie@gmail.com>	2006-08-01 03:02:31 +0000
commit	58b996f9b03668573fef2696d583ff04191a5fa7 (patch)
tree	2ccc8009579855748748e27d84d37d28da3128bc /actionpack/lib
parent	c9417dcef379ec3e87fed63d32636697c2d19939 (diff)
download	rails-58b996f9b03668573fef2696d583ff04191a5fa7.tar.gz rails-58b996f9b03668573fef2696d583ff04191a5fa7.tar.bz2 rails-58b996f9b03668573fef2696d583ff04191a5fa7.zip