authorJeremy Kemper <jeremy@bitsweat.net>2012-02-13 21:04:01 -0800
committerJeremy Kemper <jeremy@bitsweat.net>2012-02-13 21:04:01 -0800
commitbd90f9e95d5e26afc867533360b06f5e1043a9e8 (patch)
treeee90082041b0c43976542e6f718a88d40aec9b46 /actionpack
parent11d1bdc09e91f1d77c36b7afeef912de0b94f331 (diff)
parent7ce85e210eae680bc1c0400e37a0855e9eec03a2 (diff)
Merge pull request #3305 from cjolly/request_filtered_env
Exclude rack.request.form_vars from request.filtered_env
Diffstat (limited to 'actionpack')
-rw-r--r--actionpack/lib/action_dispatch/http/filter_parameters.rb2
-rw-r--r--actionpack/test/controller/integration_test.rb33
2 files changed, 34 insertions, 1 deletions
diff --git a/actionpack/lib/action_dispatch/http/filter_parameters.rb b/actionpack/lib/action_dispatch/http/filter_parameters.rb
index 02a15ad599..132b0c82bc 100644
--- a/actionpack/lib/action_dispatch/http/filter_parameters.rb
+++ b/actionpack/lib/action_dispatch/http/filter_parameters.rb
@@ -50,7 +50,7 @@ module ActionDispatch
end
def env_filter
- parameter_filter_for(Array(@env["action_dispatch.parameter_filter"]) << /RAW_POST_DATA/)
+ parameter_filter_for(Array(@env["action_dispatch.parameter_filter"]) + [/RAW_POST_DATA/, "rack.request.form_vars"])
end
def parameter_filter_for(filters)
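Review bot: The two entries appended in `env_filter` are masked whole because they hold the unparsed request body, which per-key filters such as `:password` cannot reach, but the line does not say so and mixes a regexp with a plain string. A comment such as `# Raw copies of the POST body; masked whole because key filters cannot look inside them` would record the reason, and naming the pair as a frozen constant would avoid rebuilding the array on every call. Other env entries that can carry raw parameters, for example `QUERY_STRING`, are not in this list, so consumers of `filtered_env` such as logs or error reports may still see secrets sent in the URL; whether that is handled elsewhere is not visible here. The enclosing module starts outside the hunk.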
diff --git a/actionpack/test/controller/integration_test.rb b/actionpack/test/controller/integration_test.rb
index a328372cff..99e1dc7966 100644
--- a/actionpack/test/controller/integration_test.rb
+++ b/actionpack/test/controller/integration_test.rb
@@ -535,3 +535,36 @@ class ApplicationIntegrationTest < ActionDispatch::IntegrationTest
assert_equal old_env, env
end
end
+
+class EnvironmentFilterIntegrationTest < ActionDispatch::IntegrationTest
+ class TestController < ActionController::Base
+ def post
+ render :text => "Created", :status => 201
+ end
+ end
+
+ def self.call(env)
+ env["action_dispatch.parameter_filter"] = [:password]
+ routes.call(env)
+ end
+
+ def self.routes
+ @routes ||= ActionDispatch::Routing::RouteSet.new
+ end
+
+ routes.draw do
+ match '/post', :to => 'environment_filter_integration_test/test#post', :via => :post
+ end
+
+ def app
+ self.class
+ end
+
+ test "filters rack request form vars" do
+ post "/post", :username => 'cjolly', :password => 'secret'
+
+ assert_equal 'cjolly', request.filtered_parameters['username']
+ assert_equal '[FILTERED]', request.filtered_parameters['password']
+ assert_equal '[FILTERED]', request.filtered_env['rack.request.form_vars']
+ end
+end
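Review bot: The new test pins only `rack.request.form_vars`, so a regression in the existing `RAW_POST_DATA` filter, or another env key holding the raw body, would pass unnoticed. An assertion that the submitted value appears nowhere in the filtered env would cover both, for example `assert request.filtered_env.values.none? { |v| v.to_s.include?('secret') }`. It may need adjusting if some env value does not stringify its contents, which cannot be confirmed from the lines shown.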