diff options
Diffstat (limited to 'actionpack')
| -rw-r--r-- | actionpack/CHANGELOG.md | 7 | ||||
| -rw-r--r-- | actionpack/lib/action_dispatch/routing/mapper.rb | 7 | ||||
| -rw-r--r-- | actionpack/test/dispatch/routing_test.rb | 15 |
3 files changed, 29 insertions, 0 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md index fd3f9eb72d..d4201e35b1 100644 --- a/actionpack/CHANGELOG.md +++ b/actionpack/CHANGELOG.md @@ -1,3 +1,10 @@ +* Added verification of route constraints given as a Proc or an object responding + to `:matches?`. Previously, when given an non-complying object, it would just + silently fail to enforce the constraint. It will now raise an ArgumentError + when setting up the routes. + + *Xavier Defrang* + * Properly treat the entire IPv6 User Local Address space as private for purposes of remote IP detection. Also handle uppercase private IPv6 addresses. diff --git a/actionpack/lib/action_dispatch/routing/mapper.rb b/actionpack/lib/action_dispatch/routing/mapper.rb index 400956adee..6c4c7c8d80 100644 --- a/actionpack/lib/action_dispatch/routing/mapper.rb +++ b/actionpack/lib/action_dispatch/routing/mapper.rb @@ -159,6 +159,8 @@ module ActionDispatch @defaults[key] ||= default end end + elsif options[:constraints] + verify_callable_constraint(options[:constraints]) end if Regexp === options[:format] @@ -168,6 +170,11 @@ module ActionDispatch end end + def verify_callable_constraint(callable_constraint) + return if callable_constraint.respond_to?(:call) || callable_constraint.respond_to?(:matches?) + raise ArgumentError, "Invalid constraint: #{callable_constraint.inspect} must respond to :call or :matches?" + end + def normalize_conditions! @conditions[:path_info] = path diff --git a/actionpack/test/dispatch/routing_test.rb b/actionpack/test/dispatch/routing_test.rb index b22a56bb27..52fc7b3243 100644 --- a/actionpack/test/dispatch/routing_test.rb +++ b/actionpack/test/dispatch/routing_test.rb @@ -4111,6 +4111,21 @@ class TestFormatConstraints < ActionDispatch::IntegrationTest end end +class TestCallableConstraintValidation < ActionDispatch::IntegrationTest + + def test_constraint_with_object_not_callable + assert_raise(ArgumentError) do + ActionDispatch::Routing::RouteSet.new.tap do |app| + app.draw do + ok = lambda { |env| [200, { 'Content-Type' => 'text/plain' }, []] } + get '/test', to: ok, constraints: Object.new + end + end + end + end + +end + class TestRouteDefaults < ActionDispatch::IntegrationTest stub_controllers do |routes| Routes = routes |