diff options
| author | Nick Sieger <nick@nicksieger.com> | 2016-07-27 11:58:55 -0500 |
|---|---|---|
| committer | Nick Sieger <nick@nicksieger.com> | 2016-07-27 11:58:55 -0500 |
| commit | 407583478ad6d171ae72f81c560bf01c1446117f (patch) | |
| tree | e087bad3bcc693b6a1fdcd70b67653bcaeab04f4 /actionpack | |
| parent | 7e6996a1b36cdf8158a27eeaa7e6d97a05994707 (diff) | |
| download | rails-407583478ad6d171ae72f81c560bf01c1446117f.tar.gz rails-407583478ad6d171ae72f81c560bf01c1446117f.tar.bz2 rails-407583478ad6d171ae72f81c560bf01c1446117f.zip | |
Reset rack.input when the environment is scrubbed for the next request
Before this change, posted parameters would leak across requests. The included
test case failed like so:
1) Failure:
TestCaseTest#test_multiple_mixed_method_process_should_scrub_rack_input:
--- expected
+++ actual
@@ -1 +1 @@
-{"bar"=>"an bar", "controller"=>"test_case_test/test", "action"=>"test_params"}
+{"foo"=>"an foo", "bar"=>"an bar", "controller"=>"test_case_test/test", "action"=>"test_params"}
An argument could be made that this situation isn't encountered often and that
one should limit the number of requests per test case, but I still think the
parameter leaking is an unexpected side-effect.
Diffstat (limited to 'actionpack')
| -rw-r--r-- | actionpack/lib/action_controller/test_case.rb | 1 | ||||
| -rw-r--r-- | actionpack/test/controller/test_case_test.rb | 8 |
2 files changed, 9 insertions, 0 deletions
diff --git a/actionpack/lib/action_controller/test_case.rb b/actionpack/lib/action_controller/test_case.rb index b1b3e87934..6c5d7b5e37 100644 --- a/actionpack/lib/action_controller/test_case.rb +++ b/actionpack/lib/action_controller/test_case.rb @@ -620,6 +620,7 @@ module ActionController env.delete_if { |k, v| k =~ /^action_dispatch\.rescue/ } env.delete 'action_dispatch.request.query_parameters' env.delete 'action_dispatch.request.request_parameters' + env['rack.input'] = StringIO.new env end diff --git a/actionpack/test/controller/test_case_test.rb b/actionpack/test/controller/test_case_test.rb index ea59156f65..e288b51716 100644 --- a/actionpack/test/controller/test_case_test.rb +++ b/actionpack/test/controller/test_case_test.rb @@ -854,6 +854,14 @@ XML assert_nil cookies['foo'] end + def test_multiple_mixed_method_process_should_scrub_rack_input + post :test_params, params: { id: 1, foo: 'an foo' } + assert_equal({"id"=>"1", "foo" => "an foo", "controller"=>"test_case_test/test", "action"=>"test_params"}, ::JSON.parse(@response.body)) + + get :test_params, params: { bar: 'an bar' } + assert_equal({"bar"=>"an bar", "controller"=>"test_case_test/test", "action"=>"test_params"}, ::JSON.parse(@response.body)) + end + %w(controller response request).each do |variable| %w(get post put delete head process).each do |method| define_method("test_#{variable}_missing_for_#{method}_raises_error") do |