From 6520ea5f7e2215a763ca74bf6cfa87be2347d5df Mon Sep 17 00:00:00 2001
From: Andrew White
Date: Tue, 1 Mar 2016 08:48:53 +0000
Subject: Deprecate :controller and :action path parameters
Allowing :controller and :action values to be specified via the path in config/routes.rb has been an underlying cause of a number of issues in Rails that have resulted in security releases. In light of this it's better that controllers and actions are explicitly whitelisted rather than trying to blacklist or sanitize 'bad' values.
---
 actionpack/test/dispatch/session/cache_store_test.rb | 4 +++-
 actionpack/test/dispatch/session/cookie_store_test.rb | 4 +++-
 actionpack/test/dispatch/session/mem_cache_store_test.rb | 4 +++-
 3 files changed, 9 insertions(+), 3 deletions(-)
(limited to 'actionpack/test/dispatch/session')
diff --git a/actionpack/test/dispatch/session/cache_store_test.rb b/actionpack/test/dispatch/session/cache_store_test.rb
index dbb996973d..769de1a1e0 100644
--- a/actionpack/test/dispatch/session/cache_store_test.rb
+++ b/actionpack/test/dispatch/session/cache_store_test.rb
@@ -164,7 +164,9 @@ class CacheStoreTest < ActionDispatch::IntegrationTest
 def with_test_route_set
 with_routing do |set|
 set.draw do
- get ':action', :to => ::CacheStoreTest::TestController
+ ActiveSupport::Deprecation.silence do
+ get ':action', :to => ::CacheStoreTest::TestController
+ end
 end
 
 @app = self.class.build_app(set) do |middleware|
diff --git a/actionpack/test/dispatch/session/cookie_store_test.rb b/actionpack/test/dispatch/session/cookie_store_test.rb
index f07e215e3a..09cb1d925f 100644
--- a/actionpack/test/dispatch/session/cookie_store_test.rb
+++ b/actionpack/test/dispatch/session/cookie_store_test.rb
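Review bot: The silenced `get ':action'` route in `with_test_route_set` (cache_store_test.rb, and identically in the cookie_store_test.rb and mem_cache_store_test.rb hunks) carries no comment saying why the deprecation is suppressed, so these helpers read as an endorsed way to keep path-selected actions. I would add a line above the block such as `# ':action' in the path is deprecated; silenced here until these tests draw explicit routes`. Since the commit message argues for whitelisting actions explicitly, drawing one route per TestController action would be the cleaner follow-up; those actions are defined outside the hunks, so I can't tell how many there are. Each helper's body also continues past the end of its hunk.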
@@ -345,7 +345,9 @@ class CookieStoreTest < ActionDispatch::IntegrationTest
 def with_test_route_set(options = {})
 with_routing do |set|
 set.draw do
- get ':action', :to => ::CookieStoreTest::TestController
+ ActiveSupport::Deprecation.silence do
+ get ':action', :to => ::CookieStoreTest::TestController
+ end
 end
 
 options = { :key => SessionKey }.merge!(options)
diff --git a/actionpack/test/dispatch/session/mem_cache_store_test.rb b/actionpack/test/dispatch/session/mem_cache_store_test.rb
index 3fed9bad4f..18cb227dad 100644
--- a/actionpack/test/dispatch/session/mem_cache_store_test.rb
+++ b/actionpack/test/dispatch/session/mem_cache_store_test.rb
@@ -187,7 +187,9 @@ class MemCacheStoreTest < ActionDispatch::IntegrationTest
 def with_test_route_set
 with_routing do |set|
 set.draw do
- get ':action', :to => ::MemCacheStoreTest::TestController
+ ActiveSupport::Deprecation.silence do
+ get ':action', :to => ::MemCacheStoreTest::TestController
+ end
 end
 
 @app = self.class.build_app(set) do |middleware|
-- cgit v1.2.3