3 files changed, 4 insertions, 3 deletions

diff --git a/actionpack/lib/action_controller/mime_type.rb b/actionpack/lib/action_controller/mime_type.rb
index 26edca3b69..f43ae721c6 100644
--- a/actionpack/lib/action_controller/mime_type.rb
+++ b/actionpack/lib/action_controller/mime_type.rb
@@ -19,7 +19,7 @@ module Mime
   #     end
   #   end
   class Type
-    @@html_types = Set.new [:html, :all]
+    @@html_types = Set.new [:html, :url_encoded_form, :multipart_form, :all]
     @@unverifiable_types = Set.new [:text, :json, :csv, :xml, :rss, :atom, :yaml]
     cattr_reader :html_types, :unverifiable_types
 
@@ -167,7 +167,7 @@ module Mime
     # Returns true if Action Pack should check requests using this Mime Type for possible request forgery.  See
     # ActionController::RequestForgerProtection.
     def verify_request?
-      !@@unverifiable_types.include?(to_sym)
+      html?
     end
 
     def html?
diff --git a/actionpack/lib/action_controller/request_forgery_protection.rb b/actionpack/lib/action_controller/request_forgery_protection.rb
index 05a6d8bb79..3e0e94a06b 100644
--- a/actionpack/lib/action_controller/request_forgery_protection.rb
+++ b/actionpack/lib/action_controller/request_forgery_protection.rb
@@ -99,7 +99,7 @@ module ActionController #:nodoc:
       end
     
       def verifiable_request_format?
-        request.content_type.nil? || request.content_type.verify_request?
+        !request.content_type.nil? && request.content_type.verify_request?
       end
     
       # Sets the token value for the current session.  Pass a <tt>:secret</tt> option
diff --git a/actionpack/lib/action_controller/test_process.rb b/actionpack/lib/action_controller/test_process.rb
index 7a31f0e8d5..1e3a646bc9 100644
--- a/actionpack/lib/action_controller/test_process.rb
+++ b/actionpack/lib/action_controller/test_process.rb
@@ -395,6 +395,7 @@ module ActionController #:nodoc:
 
       @html_document = nil
       @request.env['REQUEST_METHOD'] ||= "GET"
+
       @request.action = action.to_s
 
       parameters ||= {}