diff options
author | José Valim <jose.valim@gmail.com> | 2010-11-28 22:26:16 +0100 |
---|---|---|
committer | Aaron Patterson <aaron.patterson@gmail.com> | 2011-02-08 14:04:19 -0800 |
commit | b93c590297ba65a6c5b18655a7790163abcb06f1 (patch) | |
tree | 3bf754e587dd7540d328d0c64c9b036d8d48a5a8 /actionpack/test | |
parent | 3ddd7f7ec9b156e4b7de4c23d448c2db98f30504 (diff) | |
download | rails-b93c590297ba65a6c5b18655a7790163abcb06f1.tar.gz rails-b93c590297ba65a6c5b18655a7790163abcb06f1.tar.bz2 rails-b93c590297ba65a6c5b18655a7790163abcb06f1.zip |
Ensure render is case sensitive even on systems with case-insensitive filesystems.
This fixes CVE-2011-0449
Diffstat (limited to 'actionpack/test')
-rw-r--r-- | actionpack/test/controller/render_test.rb | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/actionpack/test/controller/render_test.rb b/actionpack/test/controller/render_test.rb index fca8de60bc..be492152f2 100644 --- a/actionpack/test/controller/render_test.rb +++ b/actionpack/test/controller/render_test.rb @@ -125,6 +125,10 @@ class TestController < ActionController::Base render :action => "hello_world" end + def render_action_upcased_hello_world + render :action => "Hello_world" + end + def render_action_hello_world_as_string render "hello_world" end @@ -742,6 +746,12 @@ class RenderTest < ActionController::TestCase assert_template "test/hello_world" end + def test_render_action_upcased + assert_raise ActionView::MissingTemplate do + get :render_action_upcased_hello_world + end + end + # :ported: def test_render_action_hello_world_as_string get :render_action_hello_world_as_string |