From 58b996f9b03668573fef2696d583ff04191a5fa7 Mon Sep 17 00:00:00 2001
From: Rick Olson <technoweenie@gmail.com>
Date: Tue, 1 Aug 2006 03:02:31 +0000
Subject: Restrict Request Method hacking with ?_method to POST requests. 
 [Rick Olson]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@4644 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
---
 actionpack/lib/action_controller/request.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'actionpack/lib')

diff --git a/actionpack/lib/action_controller/request.rb b/actionpack/lib/action_controller/request.rb
index 0802353405..35a486fee4 100755
--- a/actionpack/lib/action_controller/request.rb
+++ b/actionpack/lib/action_controller/request.rb
@@ -15,8 +15,8 @@ module ActionController
 
     # Returns the HTTP request method as a lowercase symbol (:get, for example)
     def method
-      @request_method ||= (method = parameters[:_method] && method == :post) ?
-        method.to_s.downcase.to_sym :
+      @request_method ||= (!parameters[:_method].blank? && @env['REQUEST_METHOD'] == 'POST') ?
+        parameters[:_method].to_s.downcase.to_sym :
         @env['REQUEST_METHOD'].downcase.to_sym
     end
 
-- 
cgit v1.2.3