aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test/controller/render_xml_test.rb
diff options
context:
space:
mode:
authorAndrew White <andrew.white@unboxedconsulting.com>2016-03-01 08:48:53 +0000
committerAndrew White <andrew.white@unboxedconsulting.com>2016-03-01 08:48:53 +0000
commit6520ea5f7e2215a763ca74bf6cfa87be2347d5df (patch)
tree4943801777acd80bd9a3f9eca812f2373ce7008b /actionpack/test/controller/render_xml_test.rb
parent1d3502c32e5553d3e9e73cb7d38db0c1d6427aaf (diff)
downloadrails-6520ea5f7e2215a763ca74bf6cfa87be2347d5df.tar.gz
rails-6520ea5f7e2215a763ca74bf6cfa87be2347d5df.tar.bz2
rails-6520ea5f7e2215a763ca74bf6cfa87be2347d5df.zip
Deprecate :controller and :action path parameters
Allowing :controller and :action values to be specified via the path in config/routes.rb has been an underlying cause of a number of issues in Rails that have resulted in security releases. In light of this it's better that controllers and actions are explicitly whitelisted rather than trying to blacklist or sanitize 'bad' values.
Diffstat (limited to 'actionpack/test/controller/render_xml_test.rb')
-rw-r--r--actionpack/test/controller/render_xml_test.rb5
1 files changed, 4 insertions, 1 deletions
diff --git a/actionpack/test/controller/render_xml_test.rb b/actionpack/test/controller/render_xml_test.rb
index f0fd7ddc5e..137236c496 100644
--- a/actionpack/test/controller/render_xml_test.rb
+++ b/actionpack/test/controller/render_xml_test.rb
@@ -72,7 +72,10 @@ class RenderXmlTest < ActionController::TestCase
with_routing do |set|
set.draw do
resources :customers
- get ':controller/:action'
+
+ ActiveSupport::Deprecation.silence do
+ get ':controller/:action'
+ end
end
get :render_with_object_location