aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test
diff options
context:
space:
mode:
Diffstat (limited to 'actionpack/test')
-rw-r--r--actionpack/test/controller/render_test.rb11
1 files changed, 11 insertions, 0 deletions
diff --git a/actionpack/test/controller/render_test.rb b/actionpack/test/controller/render_test.rb
index db73de6010..f205b96ce8 100644
--- a/actionpack/test/controller/render_test.rb
+++ b/actionpack/test/controller/render_test.rb
@@ -66,6 +66,10 @@ class TestController < ActionController::Base
render params[:id] # => String, AC:Params
end
+ def dynamic_render_permit
+ render params[:id].permit(:file)
+ end
+
def dynamic_render_with_file
# This is extremely bad, but should be possible to do.
file = params[:id] # => String, AC:Params
@@ -273,6 +277,13 @@ class ExpiresInRenderTest < ActionController::TestCase
end
end
+ def test_permitted_dynamic_render_file_hash
+ assert File.exist?(File.join(File.dirname(__FILE__), '../../test/abstract_unit.rb'))
+ response = get :dynamic_render_permit, { id: { file: '../\\../test/abstract_unit.rb' } }
+ assert_equal File.read(File.join(File.dirname(__FILE__), '../../test/abstract_unit.rb')),
+ response.body
+ end
+
def test_dynamic_render_file_hash
assert_raises ArgumentError do
get :dynamic_render, params: { id: { file: '../\\../test/abstract_unit.rb' } }
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-18 14:16:11 +0000