From 56cdc81c08b1847c5c1f699810a8c3b9ac3715a6 Mon Sep 17 00:00:00 2001 From: Jose and Yehuda Date: Tue, 24 Apr 2012 22:32:09 -0500 Subject: Remove default match without specified method In the current router DSL, using the +match+ DSL method will match all verbs for the path to the specified endpoint. In the vast majority of cases, people are currently using +match+ when they actually mean +get+. This introduces security implications. This commit disallows calling +match+ without an HTTP verb constraint by default. To explicitly match all verbs, this commit also adds a :via => :all option to +match+. Closes #5964 --- actionpack/test/template/url_helper_test.rb | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'actionpack/test/template/url_helper_test.rb') diff --git a/actionpack/test/template/url_helper_test.rb b/actionpack/test/template/url_helper_test.rb index 88f506b217..eaa8bdbd26 100644 --- a/actionpack/test/template/url_helper_test.rb +++ b/actionpack/test/template/url_helper_test.rb @@ -15,9 +15,9 @@ class UrlHelperTest < ActiveSupport::TestCase routes = ActionDispatch::Routing::RouteSet.new routes.draw do - match "/" => "foo#bar" - match "/other" => "foo#other" - match "/article/:id" => "foo#article", :as => :article + get "/" => "foo#bar" + get "/other" => "foo#other" + get "/article/:id" => "foo#article", :as => :article end include routes.url_helpers 
@@ -471,25 +471,25 @@ end class UrlHelperControllerTest < ActionController::TestCase class UrlHelperController < ActionController::Base test_routes do - match 'url_helper_controller_test/url_helper/show/:id', + get 'url_helper_controller_test/url_helper/show/:id', :to => 'url_helper_controller_test/url_helper#show', :as => :show - match 'url_helper_controller_test/url_helper/profile/:name', + get 'url_helper_controller_test/url_helper/profile/:name', :to => 'url_helper_controller_test/url_helper#show', :as => :profile - match 'url_helper_controller_test/url_helper/show_named_route', + get 'url_helper_controller_test/url_helper/show_named_route', :to => 'url_helper_controller_test/url_helper#show_named_route', :as => :show_named_route - match "/:controller(/:action(/:id))" + get "/:controller(/:action(/:id))" - match 'url_helper_controller_test/url_helper/normalize_recall_params', + get 'url_helper_controller_test/url_helper/normalize_recall_params', :to => UrlHelperController.action(:normalize_recall), :as => :normalize_recall_params - match '/url_helper_controller_test/url_helper/override_url_helper/default', + get '/url_helper_controller_test/url_helper/override_url_helper/default', :to => 'url_helper_controller_test/url_helper#override_url_helper', :as => :override_url_helper end -- cgit v1.2.3
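Review bot: The catch-all `get "/:controller(/:action(/:id))"` in the `test_routes` block carries no comment marking it as test scaffolding, and after this change it makes every public action of every routable controller reachable by GET, the verb that Rails' request-forgery check does not verify. That is harmless inside this test, but it is the kind of line that gets copied into an application's routes, so I would add above it `# Test-only catch-all: exposes every public action over GET; do not copy into application routes.` The other five routes each name a single endpoint and need no comment. The `UrlHelperController` class body continues past the end of the hunk, so whether any of its actions change state is not visible here.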