diff options
| author | Will Bryant <will.bryant@gmail.com> | 2012-01-24 00:10:13 +1300 |
|---|---|---|
| committer | Piotr Sarnacki <drogus@gmail.com> | 2012-04-30 00:17:27 -0700 |
| commit | e3069c64b2c5ddc7a5789b55b8efd4902d9e9729 (patch) | |
| tree | 2b81a1f7e8f599dab03f1c35e68984ce6ee9ae6a /actionpack | |
| parent | a72fe84d00724ccb6d60f82ce90e36a8c0f1c1ae (diff) | |
| download | rails-e3069c64b2c5ddc7a5789b55b8efd4902d9e9729.tar.gz rails-e3069c64b2c5ddc7a5789b55b8efd4902d9e9729.tar.bz2 rails-e3069c64b2c5ddc7a5789b55b8efd4902d9e9729.zip | |
fix the Flash middleware loading the session on every request (very dangerous especially with Rack::Cache), it should only be loaded when the flash method is called
Diffstat (limited to 'actionpack')
| -rw-r--r-- | actionpack/lib/action_controller/test_case.rb | 1 | ||||
| -rw-r--r-- | actionpack/lib/action_dispatch/middleware/flash.rb | 9 |
2 files changed, 3 insertions, 7 deletions
diff --git a/actionpack/lib/action_controller/test_case.rb b/actionpack/lib/action_controller/test_case.rb index 05e3cd40b5..67c55a7f40 100644 --- a/actionpack/lib/action_controller/test_case.rb +++ b/actionpack/lib/action_controller/test_case.rb @@ -460,7 +460,6 @@ module ActionController @request.session = ActionController::TestSession.new(session) if session @request.session["flash"] = @request.flash.update(flash || {}) - @request.session["flash"].sweep @controller.request = @request build_request_uri(action, parameters) diff --git a/actionpack/lib/action_dispatch/middleware/flash.rb b/actionpack/lib/action_dispatch/middleware/flash.rb index bc5b163931..6f97c06b6b 100644 --- a/actionpack/lib/action_dispatch/middleware/flash.rb +++ b/actionpack/lib/action_dispatch/middleware/flash.rb @@ -4,7 +4,7 @@ module ActionDispatch # read a notice you put there or <tt>flash["notice"] = "hello"</tt> # to put a new one. def flash - @env[Flash::KEY] ||= (session["flash"] || Flash::FlashHash.new) + @env[Flash::KEY] ||= (session["flash"] || Flash::FlashHash.new).tap(&:sweep) end end @@ -235,10 +235,6 @@ module ActionDispatch end def call(env) - if (session = env['rack.session']) && (flash = session['flash']) - flash.sweep - end - @app.call(env) ensure session = env['rack.session'] || {} @@ -255,7 +251,8 @@ module ActionDispatch env[KEY] = new_hash end - if session.key?('flash') && session['flash'].empty? + if (!session.respond_to?(:loaded?) || session.loaded?) && # (reset_session uses {}, which doesn't implement #loaded?) + session.key?('flash') && session['flash'].empty? session.delete('flash') end end |