author | Jeremy Kemper <jeremy@bitsweat.net> | 2012-02-13 21:04:01 -0800 |
---|---|---|
committer | Jeremy Kemper <jeremy@bitsweat.net> | 2012-02-13 21:04:01 -0800 |
commit | bd90f9e95d5e26afc867533360b06f5e1043a9e8 (patch) | |
tree | ee90082041b0c43976542e6f718a88d40aec9b46 /actionpack | |
parent | 11d1bdc09e91f1d77c36b7afeef912de0b94f331 (diff) | |
parent | 7ce85e210eae680bc1c0400e37a0855e9eec03a2 (diff) | |
Merge pull request #3305 from cjolly/request_filtered_env
Exclude rack.request.form_vars from request.filtered_env
Diffstat (limited to 'actionpack')
-rw-r--r-- | actionpack/lib/action_dispatch/http/filter_parameters.rb | 2 | ||||
-rw-r--r-- | actionpack/test/controller/integration_test.rb | 33 |
2 files changed, 34 insertions, 1 deletions
diff --git a/actionpack/lib/action_dispatch/http/filter_parameters.rb b/actionpack/lib/action_dispatch/http/filter_parameters.rb
index 02a15ad599..132b0c82bc 100644
--- a/actionpack/lib/action_dispatch/http/filter_parameters.rb
+++ b/actionpack/lib/action_dispatch/http/filter_parameters.rb
@@ -50,7 +50,7 @@ module ActionDispatch
 end
 def env_filter
- parameter_filter_for(Array(@env["action_dispatch.parameter_filter"]) << /RAW_POST_DATA/)
+ parameter_filter_for(Array(@env["action_dispatch.parameter_filter"]) + [/RAW_POST_DATA/, "rack.request.form_vars"])
 end
 def parameter_filter_for(filters)
diff --git a/actionpack/test/controller/integration_test.rb b/actionpack/test/controller/integration_test.rb
index a328372cff..99e1dc7966 100644
--- a/actionpack/test/controller/integration_test.rb
+++ b/actionpack/test/controller/integration_test.rb
@@ -535,3 +535,36 @@ class ApplicationIntegrationTest < ActionDispatch::IntegrationTest
 assert_equal old_env, env
 end
 end
+
+class EnvironmentFilterIntegrationTest < ActionDispatch::IntegrationTest
+ class TestController < ActionController::Base
+ def post
+ render :text => "Created", :status => 201
+ end
+ end
+
+ def self.call(env)
+ env["action_dispatch.parameter_filter"] = [:password]
+ routes.call(env)
+ end
+
+ def self.routes
+ @routes ||= ActionDispatch::Routing::RouteSet.new
+ end
+
+ routes.draw do
+ match '/post', :to => 'environment_filter_integration_test/test#post', :via => :post
+ end
+
+ def app
+ self.class
+ end
+
+ test "filters rack request form vars" do
+ post "/post", :username => 'cjolly', :password => 'secret'
+
+ assert_equal 'cjolly', request.filtered_parameters['username']
+ assert_equal '[FILTERED]', request.filtered_parameters['password']
+ assert_equal '[FILTERED]', request.filtered_env['rack.request.form_vars']
+ end
+end |
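Review bot: `env_filter` now redacts two hard-coded keys, but nothing at the call says why these are redacted whole rather than left to the per-key filters; a comment such as `# RAW_POST_DATA and rack.request.form_vars carry the body as one unparsed string, so key-based filters cannot see inside them` would keep a later maintainer from trimming the list. The list is also a key-by-key denylist: other env entries that hold unparsed request data (for example `QUERY_STRING` or `HTTP_COOKIE`) are not named here, so whether they appear in `filtered_env` depends on filters the hunk does not show, which is worth confirming before `filtered_env` is treated as safe to log. `parameter_filter_for`'s body lies outside the hunk, so how the string entry is matched (literally or as a pattern) cannot be checked from here.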
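Review bot: The new test in `EnvironmentFilterIntegrationTest` checks the redacted value but not that calling `filtered_env` leaves the configured filter list untouched, which is the other behaviour the switch from `<<` to `+` in `env_filter` changes. Adding `assert_equal [:password], request.env['action_dispatch.parameter_filter']` after the `filtered_env` assertion would pin that, assuming `request.env` is the same hash the filter was built from. An assertion on `request.filtered_env['RAW_POST_DATA']`, if that key is present in this request's env, would also guard the entry that was already filtered before this change.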