From f0570a3d3fa85ba0153d61c90bad6db648144256 Mon Sep 17 00:00:00 2001
From: Tobias Pfeiffer <tobias.pfeiffer@student.hpi.uni-potsdam.de>
Date: Mon, 24 Feb 2014 17:05:42 +0100
Subject: Honor public/private in ActionView::Helpers::Tags::Base#value

* use public_send instead of send to avoid calling private
  methods in form helpers
---
 actionview/test/template/form_helper_test.rb | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'actionview/test/template')

diff --git a/actionview/test/template/form_helper_test.rb b/actionview/test/template/form_helper_test.rb
index f2238d1443..36e3e64688 100644
--- a/actionview/test/template/form_helper_test.rb
+++ b/actionview/test/template/form_helper_test.rb
@@ -158,6 +158,12 @@ class FormHelperTest < ActionView::TestCase
     assert_raise(NotImplementedError) { FooTag.new.render }
   end
 
+  def test_tags_base_value_honors_public_private
+    test_object = Class.new { private def my_method ; end }.new
+    tag = ActionView::Helpers::Tags::Base.new 'test_object', :my_method, nil
+    assert_raise(NoMethodError) { tag.send :value, test_object }
+  end
+
   def test_label
     assert_dom_equal('<label for="post_title">Title</label>', label("post", "title"))
     assert_dom_equal(
-- 
cgit v1.2.3