diff options
| author | Rick Olson <technoweenie@gmail.com> | 2007-09-23 02:32:55 +0000 |
|---|---|---|
| committer | Rick Olson <technoweenie@gmail.com> | 2007-09-23 02:32:55 +0000 |
| commit | 4e3ed5bc44f6cd20c9e353ab63fd24b92a7942be (patch) | |
| tree | 1904187d3254fdc42681471e67608615993a355d /actionpack/test/template | |
| parent | 3dea8b580b9c67bb27c01290fb3b17f446544b78 (diff) | |
| download | rails-4e3ed5bc44f6cd20c9e353ab63fd24b92a7942be.tar.gz rails-4e3ed5bc44f6cd20c9e353ab63fd24b92a7942be.tar.bz2 rails-4e3ed5bc44f6cd20c9e353ab63fd24b92a7942be.zip | |
Merge csrf_killer plugin into rails. Adds RequestForgeryProtection model that verifies session-specific _tokens for non-GET requests. [Rick]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7592 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Diffstat (limited to 'actionpack/test/template')
5 files changed, 22 insertions, 0 deletions
diff --git a/actionpack/test/template/form_helper_test.rb b/actionpack/test/template/form_helper_test.rb index af63a056f8..9b22d4cef3 100644 --- a/actionpack/test/template/form_helper_test.rb +++ b/actionpack/test/template/form_helper_test.rb @@ -711,4 +711,8 @@ class FormHelperTest < Test::Unit::TestCase def post_path(post) "/posts/#{post.id}" end + + def request_forgery_protection_token + nil + end end diff --git a/actionpack/test/template/form_tag_helper_test.rb b/actionpack/test/template/form_tag_helper_test.rb index c582c26c68..f2c6678ddd 100644 --- a/actionpack/test/template/form_tag_helper_test.rb +++ b/actionpack/test/template/form_tag_helper_test.rb @@ -177,4 +177,9 @@ class FormTagHelperTest < Test::Unit::TestCase expected = %(<fieldset>Hello world!</fieldset>) assert_dom_equal expected, _erbout end + + def request_forgery_protection_token + nil + + end end diff --git a/actionpack/test/template/prototype_helper_test.rb b/actionpack/test/template/prototype_helper_test.rb index 4adfc90180..7bb4245c58 100644 --- a/actionpack/test/template/prototype_helper_test.rb +++ b/actionpack/test/template/prototype_helper_test.rb @@ -60,6 +60,11 @@ module BaseTest end protected + + def request_forgery_protection_token + nil + end + def create_generator block = Proc.new { |*args| yield *args if block_given? } JavaScriptGenerator.new self, &block diff --git a/actionpack/test/template/scriptaculous_helper_test.rb b/actionpack/test/template/scriptaculous_helper_test.rb index 514ba9107e..722839f15e 100644 --- a/actionpack/test/template/scriptaculous_helper_test.rb +++ b/actionpack/test/template/scriptaculous_helper_test.rb @@ -89,4 +89,8 @@ class ScriptaculousHelperTest < Test::Unit::TestCase assert_dom_equal %(<script type=\"text/javascript\">\n//<![CDATA[\nDroppables.add(\"droptarget1\", {accept:['tshirts','mugs'], onDrop:function(element){new Ajax.Updater('infobox', 'http://www.example.com/', {asynchronous:true, evalScripts:true, parameters:'id=' + encodeURIComponent(element.id)})}})\n//]]>\n</script>), drop_receiving_element("droptarget1", :accept => ['tshirts','mugs'], :update => 'infobox') end + + def request_forgery_protection_token + nil + end end diff --git a/actionpack/test/template/url_helper_test.rb b/actionpack/test/template/url_helper_test.rb index db1e226a7e..5707beeab1 100644 --- a/actionpack/test/template/url_helper_test.rb +++ b/actionpack/test/template/url_helper_test.rb @@ -267,6 +267,10 @@ class UrlHelperTest < Test::Unit::TestCase assert_dom_equal "<a href=\"mailto:%6d%65@%64%6f%6d%61%69%6e.%63%6f%6d\">me(at)domain(dot)com</a>", mail_to("me@domain.com", nil, :encode => "hex", :replace_at => "(at)", :replace_dot => "(dot)") assert_dom_equal "<script type=\"text/javascript\">eval(unescape('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%61%20%68%72%65%66%3d%22%6d%61%69%6c%74%6f%3a%6d%65%40%64%6f%6d%61%69%6e%2e%63%6f%6d%22%3e%4d%79%20%65%6d%61%69%6c%3c%2f%61%3e%27%29%3b'))</script>", mail_to("me@domain.com", "My email", :encode => "javascript", :replace_at => "(at)", :replace_dot => "(dot)") end + + def request_forgery_protection_token + nil + end end class UrlHelperWithControllerTest < Test::Unit::TestCase |