From 8d37bd08eeac6d0e94f76ac6640e288bf64595b2 Mon Sep 17 00:00:00 2001
From: Joshua Peek <josh@joshpeek.com>
Date: Wed, 14 May 2008 13:00:09 -0500
Subject: =?UTF-8?q?Protect=20#filter=5Fparameters=20created=20by=20filter?=
 =?UTF-8?q?=5Fparameter=5Flogging=20[Jos=C3=A9=20Valim]=20[#196=20state:re?=
 =?UTF-8?q?solved]?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 actionpack/test/controller/filter_params_test.rb | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

(limited to 'actionpack/test')

diff --git a/actionpack/test/controller/filter_params_test.rb b/actionpack/test/controller/filter_params_test.rb
index 11adacb5e3..c9688b2063 100644
--- a/actionpack/test/controller/filter_params_test.rb
+++ b/actionpack/test/controller/filter_params_test.rb
@@ -7,14 +7,14 @@ class FilterParamTest < Test::Unit::TestCase
   def setup
     @controller = FilterParamController.new
   end
-  
+
   def test_filter_parameters
     assert FilterParamController.respond_to?(:filter_parameter_logging)
     assert !@controller.respond_to?(:filter_parameters)
-    
+
     FilterParamController.filter_parameter_logging
     assert @controller.respond_to?(:filter_parameters)
-    
+
     test_hashes = [[{},{},[]],
     [{'foo'=>nil},{'foo'=>nil},[]],
     [{'foo'=>'bar'},{'foo'=>'bar'},[]],
@@ -24,11 +24,11 @@ class FilterParamTest < Test::Unit::TestCase
     [{'foo'=>'bar', 'baz'=>'foo'},{'foo'=>'[FILTERED]', 'baz'=>'[FILTERED]'},%w'foo baz'],
     [{'bar'=>{'foo'=>'bar','bar'=>'foo'}},{'bar'=>{'foo'=>'[FILTERED]','bar'=>'foo'}},%w'fo'],
     [{'foo'=>{'foo'=>'bar','bar'=>'foo'}},{'foo'=>'[FILTERED]'},%w'f banana']]
-    
+
     test_hashes.each do |before_filter, after_filter, filter_words|
       FilterParamController.filter_parameter_logging(*filter_words)
-      assert_equal after_filter, @controller.filter_parameters(before_filter)
-      
+      assert_equal after_filter, @controller.send!(:filter_parameters, before_filter)
+
       filter_words.push('blah')
       FilterParamController.filter_parameter_logging(*filter_words) do |key, value|
         value.reverse! if key =~ /bargain/
@@ -37,7 +37,13 @@ class FilterParamTest < Test::Unit::TestCase
       before_filter['barg'] = {'bargain'=>'gain', 'blah'=>'bar', 'bar'=>{'bargain'=>{'blah'=>'foo'}}}
       after_filter['barg'] = {'bargain'=>'niag', 'blah'=>'[FILTERED]', 'bar'=>{'bargain'=>{'blah'=>'[FILTERED]'}}}
 
-      assert_equal after_filter, @controller.filter_parameters(before_filter)
+      assert_equal after_filter, @controller.send!(:filter_parameters, before_filter)
     end
   end
+
+  def test_filter_parameters_is_protected
+    FilterParamController.filter_parameter_logging
+    assert !@controller.send!(:action_methods).include?(:filter_parameters)
+    assert (begin @controller.filter_parameters rescue true end)
+  end
 end
-- 
cgit v1.2.3