Remove default match without specified method

In the current router DSL, using the +match+ DSL method will match all verbs for the path to the specified endpoint. In the vast majority of cases, people are currently using +match+ when they actually mean +get+. This introduces security implications. This commit disallows calling +match+ without an HTTP verb constraint by default. To explicitly match all verbs, this commit also adds a :via => :all option to +match+. Closes #5964
author: Jose and Yehuda <wycats@gmail.com> 2012-04-24 22:32:09 -0500
committer: Jose and Yehuda <wycats@gmail.com> 2012-04-24 22:52:26 -0500
commit: 56cdc81c08b1847c5c1f699810a8c3b9ac3715a6 (patch)
tree: a896641a85a55eab01eb74a129dbcbb09f7f8b6b /actionpack/test/dispatch/request
parent: 0cc32c5fd7f875de61262b430bca23825691899b (diff)
download: rails-56cdc81c08b1847c5c1f699810a8c3b9ac3715a6.tar.gz
rails-56cdc81c08b1847c5c1f699810a8c3b9ac3715a6.tar.bz2
rails-56cdc81c08b1847c5c1f699810a8c3b9ac3715a6.zip
5 files changed, 7 insertions, 7 deletions
diff --git a/actionpack/test/dispatch/request/json_params_parsing_test.rb b/actionpack/test/dispatch/request/json_params_parsing_test.rb
index ae425dd406..302bff0696 100644
--- a/actionpack/test/dispatch/request/json_params_parsing_test.rb
+++ b/actionpack/test/dispatch/request/json_params_parsing_test.rb
@@ -65,7 +65,7 @@ class JsonParamsParsingTest < ActionDispatch::IntegrationTest
     def with_test_routing
       with_routing do |set|
         set.draw do
-          match ':action', :to => ::JsonParamsParsingTest::TestController
+          post ':action', :to => ::JsonParamsParsingTest::TestController
         end
         yield
       end
@@ -118,7 +118,7 @@ class RootLessJSONParamsParsingTest < ActionDispatch::IntegrationTest
     def with_test_routing(controller)
       with_routing do |set|
         set.draw do
-          match ':action', :to => controller
+          post ':action', :to => controller
         end
         yield
       end
diff --git a/actionpack/test/dispatch/request/multipart_params_parsing_test.rb b/actionpack/test/dispatch/request/multipart_params_parsing_test.rb
index d144f013f5..63c5ea26a6 100644
--- a/actionpack/test/dispatch/request/multipart_params_parsing_test.rb
+++ b/actionpack/test/dispatch/request/multipart_params_parsing_test.rb
@@ -144,7 +144,7 @@ class MultipartParamsParsingTest < ActionDispatch::IntegrationTest
     def with_test_routing
       with_routing do |set|
         set.draw do
-          match ':action', :to => 'multipart_params_parsing_test/test'
+          post ':action', :to => 'multipart_params_parsing_test/test'
         end
         yield
       end
diff --git a/actionpack/test/dispatch/request/query_string_parsing_test.rb b/actionpack/test/dispatch/request/query_string_parsing_test.rb
index f6a1475d04..d14f188e30 100644
--- a/actionpack/test/dispatch/request/query_string_parsing_test.rb
+++ b/actionpack/test/dispatch/request/query_string_parsing_test.rb
@@ -109,7 +109,7 @@ class QueryStringParsingTest < ActionDispatch::IntegrationTest
     def assert_parses(expected, actual)
       with_routing do |set|
         set.draw do
-          match ':action', :to => ::QueryStringParsingTest::TestController
+          get ':action', :to => ::QueryStringParsingTest::TestController
         end
 
         get "/parse", actual
diff --git a/actionpack/test/dispatch/request/url_encoded_params_parsing_test.rb b/actionpack/test/dispatch/request/url_encoded_params_parsing_test.rb
index 05569561d2..568e220b15 100644
--- a/actionpack/test/dispatch/request/url_encoded_params_parsing_test.rb
+++ b/actionpack/test/dispatch/request/url_encoded_params_parsing_test.rb
@@ -130,7 +130,7 @@ class UrlEncodedParamsParsingTest < ActionDispatch::IntegrationTest
     def with_test_routing
       with_routing do |set|
         set.draw do
-          match ':action', :to => ::UrlEncodedParamsParsingTest::TestController
+          post ':action', :to => ::UrlEncodedParamsParsingTest::TestController
         end
         yield
       end
diff --git a/actionpack/test/dispatch/request/xml_params_parsing_test.rb b/actionpack/test/dispatch/request/xml_params_parsing_test.rb
index afd400c2a9..84823e2896 100644
--- a/actionpack/test/dispatch/request/xml_params_parsing_test.rb
+++ b/actionpack/test/dispatch/request/xml_params_parsing_test.rb
@@ -106,7 +106,7 @@ class XmlParamsParsingTest < ActionDispatch::IntegrationTest
     def with_test_routing
       with_routing do |set|
         set.draw do
-          match ':action', :to => ::XmlParamsParsingTest::TestController
+          post ':action', :to => ::XmlParamsParsingTest::TestController
         end
         yield
       end
@@ -155,7 +155,7 @@ class RootLessXmlParamsParsingTest < ActionDispatch::IntegrationTest
     def with_test_routing
       with_routing do |set|
         set.draw do
-          match ':action', :to => ::RootLessXmlParamsParsingTest::TestController
+          post ':action', :to => ::RootLessXmlParamsParsingTest::TestController
         end
         yield
       end
author	Jose and Yehuda <wycats@gmail.com>	2012-04-24 22:32:09 -0500
committer	Jose and Yehuda <wycats@gmail.com>	2012-04-24 22:52:26 -0500
commit	56cdc81c08b1847c5c1f699810a8c3b9ac3715a6 (patch)
tree	a896641a85a55eab01eb74a129dbcbb09f7f8b6b /actionpack/test/dispatch/request
parent	0cc32c5fd7f875de61262b430bca23825691899b (diff)
download	rails-56cdc81c08b1847c5c1f699810a8c3b9ac3715a6.tar.gz rails-56cdc81c08b1847c5c1f699810a8c3b9ac3715a6.tar.bz2 rails-56cdc81c08b1847c5c1f699810a8c3b9ac3715a6.zip