diff options
| author | Guillermo Iguaran <guilleiguaran@gmail.com> | 2012-08-30 16:36:59 -0500 |
|---|---|---|
| committer | Guillermo Iguaran <guilleiguaran@gmail.com> | 2012-09-16 23:58:21 -0500 |
| commit | 1aaf4490b29afc99cf19b18c4edbb1f28e6c37f5 (patch) | |
| tree | 5901dbcaf12030a473edb6f463e8e4af9fe6391a /railties/test | |
| parent | 1e1bee3ab985e47fae49d9fd5d2ca946f5d9c533 (diff) | |
| download | rails-1aaf4490b29afc99cf19b18c4edbb1f28e6c37f5.tar.gz rails-1aaf4490b29afc99cf19b18c4edbb1f28e6c37f5.tar.bz2 rails-1aaf4490b29afc99cf19b18c4edbb1f28e6c37f5.zip | |
Add config.action_controller.permit_all_attributes to bypass StrongParameters protection
Diffstat (limited to 'railties/test')
| -rw-r--r-- | railties/test/application/configuration_test.rb | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/railties/test/application/configuration_test.rb b/railties/test/application/configuration_test.rb index cac9fa3525..ed51949b1e 100644 --- a/railties/test/application/configuration_test.rb +++ b/railties/test/application/configuration_test.rb @@ -560,6 +560,28 @@ module ApplicationTests assert_equal '{"title"=>"foo"}', last_response.body end + test "config.action_controller.permit_all_parameters = true" do + app_file 'app/controllers/posts_controller.rb', <<-RUBY + class PostsController < ActionController::Base + def create + render :text => params[:post].permitted? ? "permitted" : "forbidden" + end + end + RUBY + + add_to_config <<-RUBY + routes.prepend do + resources :posts + end + config.action_controller.permit_all_parameters = true + RUBY + + require "#{app_path}/config/environment" + + post "/posts", {:post => {"title" =>"zomg"}} + assert_equal 'permitted', last_response.body + end + test "config.action_dispatch.ignore_accept_header" do make_basic_app do |app| app.config.action_dispatch.ignore_accept_header = true |