diff options
author | David Heinemeier Hansson <david@loudthinking.com> | 2008-01-11 16:25:23 +0000 |
---|---|---|
committer | David Heinemeier Hansson <david@loudthinking.com> | 2008-01-11 16:25:23 +0000 |
commit | 5d1a305f066daf5a60b2b1158d5d2aeae6fe32cb (patch) | |
tree | a6dd78c9386d5c0615e161643808f4a2536bfc65 /actionpack/test | |
parent | 104f31af1dc412160b624da1b09c5456fa862f53 (diff) | |
download | rails-5d1a305f066daf5a60b2b1158d5d2aeae6fe32cb.tar.gz rails-5d1a305f066daf5a60b2b1158d5d2aeae6fe32cb.tar.bz2 rails-5d1a305f066daf5a60b2b1158d5d2aeae6fe32cb.zip |
Fixed ActionView::Helpers::ActiveRecordHelper::form for when protect_from_forgery is used (closes #10739) [jeremyevans]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8626 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Diffstat (limited to 'actionpack/test')
-rw-r--r-- | actionpack/test/template/active_record_helper_test.rb | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/actionpack/test/template/active_record_helper_test.rb b/actionpack/test/template/active_record_helper_test.rb index 499f5e7fc1..31fe7bbc29 100644 --- a/actionpack/test/template/active_record_helper_test.rb +++ b/actionpack/test/template/active_record_helper_test.rb @@ -86,6 +86,11 @@ class ActiveRecordHelperTest < Test::Unit::TestCase @user.email = "" end + + def protect_against_forgery? + @protect_against_forgery ? true : false + end + attr_accessor :request_forgery_protection_token, :form_authenticity_token def setup setup_post @@ -140,6 +145,23 @@ class ActiveRecordHelperTest < Test::Unit::TestCase form("post") ) end + + def test_form_with_protect_against_forgery + @protect_against_forgery = true + @request_forgery_protection_token = 'authenticity_token' + @form_authenticity_token = '123' + assert_dom_equal( + %(<form action="create" method="post"><div style='margin:0;padding:0'><input type='hidden' name='authenticity_token' value='123' /></div><p><label for="post_title">Title</label><br /><input id="post_title" name="post[title]" size="30" type="text" value="Hello World" /></p>\n<p><label for="post_body">Body</label><br /><div class="fieldWithErrors"><textarea cols="40" id="post_body" name="post[body]" rows="20">Back to the hill and over it again!</textarea></div></p><input name="commit" type="submit" value="Create" /></form>), + form("post") + ) + end + + def test_form_with_method_option + assert_dom_equal( + %(<form action="create" method="get"><p><label for="post_title">Title</label><br /><input id="post_title" name="post[title]" size="30" type="text" value="Hello World" /></p>\n<p><label for="post_body">Body</label><br /><div class="fieldWithErrors"><textarea cols="40" id="post_body" name="post[body]" rows="20">Back to the hill and over it again!</textarea></div></p><input name="commit" type="submit" value="Create" /></form>), + form("post", :method=>'get') + ) + end def test_form_with_action_option @response.body = form("post", :action => "sign") |