author | Jose and Yehuda <wycats@gmail.com> | 2012-04-24 22:32:09 -0500 |
---|---|---|
committer | Jose and Yehuda <wycats@gmail.com> | 2012-04-24 22:52:26 -0500 |
commit | 56cdc81c08b1847c5c1f699810a8c3b9ac3715a6 (patch) | |
tree | a896641a85a55eab01eb74a129dbcbb09f7f8b6b /actionpack/test/template/url_helper_test.rb | |
parent | 0cc32c5fd7f875de61262b430bca23825691899b (diff) | |
Remove default match without specified method
In the current router DSL, using the +match+ DSL
method will match all verbs for the path to the
specified endpoint.
In the vast majority of cases, people are
currently using +match+ when they actually mean
+get+. This introduces security implications.
This commit disallows calling +match+ without
an HTTP verb constraint by default. To explicitly
match all verbs, this commit also adds a
:via => :all option to +match+.
Closes #5964
Diffstat (limited to 'actionpack/test/template/url_helper_test.rb')
-rw-r--r-- | actionpack/test/template/url_helper_test.rb | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/actionpack/test/template/url_helper_test.rb b/actionpack/test/template/url_helper_test.rb
index 88f506b217..eaa8bdbd26 100644
--- a/actionpack/test/template/url_helper_test.rb
+++ b/actionpack/test/template/url_helper_test.rb
@@ -15,9 +15,9 @@ class UrlHelperTest < ActiveSupport::TestCase
 routes = ActionDispatch::Routing::RouteSet.new
 routes.draw do
- match "/" => "foo#bar"
- match "/other" => "foo#other"
- match "/article/:id" => "foo#article", :as => :article
+ get "/" => "foo#bar"
+ get "/other" => "foo#other"
+ get "/article/:id" => "foo#article", :as => :article
 end
 include routes.url_helpers
@@ -471,25 +471,25 @@ end
 class UrlHelperControllerTest < ActionController::TestCase
 class UrlHelperController < ActionController::Base
 test_routes do
- match 'url_helper_controller_test/url_helper/show/:id',
+ get 'url_helper_controller_test/url_helper/show/:id',
 :to => 'url_helper_controller_test/url_helper#show',
 :as => :show
- match 'url_helper_controller_test/url_helper/profile/:name',
+ get 'url_helper_controller_test/url_helper/profile/:name',
 :to => 'url_helper_controller_test/url_helper#show',
 :as => :profile
- match 'url_helper_controller_test/url_helper/show_named_route',
+ get 'url_helper_controller_test/url_helper/show_named_route',
 :to => 'url_helper_controller_test/url_helper#show_named_route',
 :as => :show_named_route
- match "/:controller(/:action(/:id))"
+ get "/:controller(/:action(/:id))"
- match 'url_helper_controller_test/url_helper/normalize_recall_params',
+ get 'url_helper_controller_test/url_helper/normalize_recall_params',
 :to => UrlHelperController.action(:normalize_recall),
 :as => :normalize_recall_params
- match '/url_helper_controller_test/url_helper/override_url_helper/default',
+ get '/url_helper_controller_test/url_helper/override_url_helper/default',
 :to => 'url_helper_controller_test/url_helper#override_url_helper',
 :as => :override_url_helper
 end |
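Review bot: The catch-all `get "/:controller(/:action(/:id))"` in the second hunk, inside `test_routes do`, was converted mechanically like the named routes around it and carries no comment saying why a dynamic fallback is still needed or that limiting it to GET is deliberate. Since the commit message treats verb scope as security-relevant, I would add a line above it such as `# Dynamic fallback for the url_for tests only; GET-only on purpose, do not copy into application routes`. Whether any test in this file actually depends on the fallback is not visible from the hunk, so confirm that before settling the wording. The enclosing controller class continues past the end of the hunk.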