diff options
author | kp <keith.j.payne@gmail.com> | 2016-02-10 17:44:54 +0000 |
---|---|---|
committer | kp <keith.j.payne@gmail.com> | 2016-02-10 17:44:54 +0000 |
commit | ec4ae308a76bd86fb6eaf7fa8ee025af0063ee30 (patch) | |
tree | 741019b3fbf474ff4cdeefdbeb6ff1f598ffcdfc /actionpack/test/controller/render_test.rb | |
parent | 8641de93eb98d4ebdb0db2530c8c79c0c4e2f95e (diff) | |
parent | 688996da7b25080a1a2ef74f5b4789f3e5eb670d (diff) | |
download | rails-ec4ae308a76bd86fb6eaf7fa8ee025af0063ee30.tar.gz rails-ec4ae308a76bd86fb6eaf7fa8ee025af0063ee30.tar.bz2 rails-ec4ae308a76bd86fb6eaf7fa8ee025af0063ee30.zip |
Merge remote-tracking branch 'origin/master' into actioncable_logging
Diffstat (limited to 'actionpack/test/controller/render_test.rb')
-rw-r--r-- | actionpack/test/controller/render_test.rb | 33 |
1 files changed, 31 insertions, 2 deletions
diff --git a/actionpack/test/controller/render_test.rb b/actionpack/test/controller/render_test.rb index 3f569230c2..c814d4ea54 100644 --- a/actionpack/test/controller/render_test.rb +++ b/actionpack/test/controller/render_test.rb @@ -63,12 +63,16 @@ class TestController < ActionController::Base end def dynamic_render - render params[:id] # => String, AC:Params + render params[:id] # => String, AC::Params + end + + def dynamic_render_permit + render params[:id].permit(:file) end def dynamic_render_with_file # This is extremely bad, but should be possible to do. - file = params[:id] # => String, AC:Params + file = params[:id] # => String, AC::Params render file: file end @@ -253,6 +257,11 @@ end class ExpiresInRenderTest < ActionController::TestCase tests TestController + def setup + super + ActionController::Base.view_paths.paths.each(&:clear_cache) + end + def test_dynamic_render_with_file # This is extremely bad, but should be possible to do. assert File.exist?(File.join(File.dirname(__FILE__), '../../test/abstract_unit.rb')) @@ -261,6 +270,18 @@ class ExpiresInRenderTest < ActionController::TestCase response.body end + def test_dynamic_render_with_absolute_path + file = Tempfile.new('name') + file.write "secrets!" + file.flush + assert_raises ActionView::MissingTemplate do + get :dynamic_render, params: { id: file.path } + end + ensure + file.close + file.unlink + end + def test_dynamic_render assert File.exist?(File.join(File.dirname(__FILE__), '../../test/abstract_unit.rb')) assert_raises ActionView::MissingTemplate do @@ -268,6 +289,14 @@ class ExpiresInRenderTest < ActionController::TestCase end end + def test_permitted_dynamic_render_file_hash + skip "FIXME: this test passes on 4-2-stable but not master. Why?" + assert File.exist?(File.join(File.dirname(__FILE__), '../../test/abstract_unit.rb')) + response = get :dynamic_render_permit, params: { id: { file: '../\\../test/abstract_unit.rb' } } + assert_equal File.read(File.join(File.dirname(__FILE__), '../../test/abstract_unit.rb')), + response.body + end + def test_dynamic_render_file_hash assert_raises ArgumentError do get :dynamic_render, params: { id: { file: '../\\../test/abstract_unit.rb' } } |