Rails 2.1.1

Among other things, a security fix.
2008-09-07 00:54:05 -05:00 · 2008-09-07 00:54:05 -05:00 · d4f97345db
commit d4f97345db
parent d2c4c8737c
354 changed files with 21027 additions and 3072 deletions
--- a/vendor/rails/actionpack/test/controller/verification_test.rb
+++ b/vendor/rails/actionpack/test/controller/verification_test.rb
@ -21,10 +21,10 @@ class VerificationTest < Test::Unit::TestCase

    verify :only => :guarded_by_method, :method => :post,
           :redirect_to => { :action => "unguarded" }
-           
+
    verify :only => :guarded_by_xhr, :xhr => true,
           :redirect_to => { :action => "unguarded" }
-           
+
    verify :only => :guarded_by_not_xhr, :xhr => false,
           :redirect_to => { :action => "unguarded" }

@ -39,10 +39,13 @@ class VerificationTest < Test::Unit::TestCase

    verify :only => :no_default_action, :params => "santa"

+    verify :only => :guarded_with_back, :method => :post,
+           :redirect_to => :back
+
    def guarded_one
      render :text => "#{params[:one]}"
    end
-    
+
    def guarded_one_for_named_route_test
      render :text => "#{params[:one]}"
    end
@ -70,11 +73,11 @@ class VerificationTest < Test::Unit::TestCase
    def guarded_by_method
      render :text => "#{request.method}"
    end
-    
+
    def guarded_by_xhr
      render :text => "#{request.xhr?}"
    end
-    
+
    def guarded_by_not_xhr
      render :text => "#{request.xhr?}"
    end
@ -86,15 +89,19 @@ class VerificationTest < Test::Unit::TestCase
    def two_redirects
      render :nothing => true
    end
-    
+
    def must_be_post
      render :text => "Was a post!"
    end
-    
+
+    def guarded_with_back
+      render :text => "#{params[:one]}"
+    end
+
    def no_default_action
      # Will never run
    end
-    
+
    protected
      def rescue_action(e) raise end

@ -109,7 +116,17 @@ class VerificationTest < Test::Unit::TestCase
    @response   = ActionController::TestResponse.new
    ActionController::Routing::Routes.add_named_route :foo, '/foo', :controller => 'test', :action => 'foo'
  end
-  
+
+  def test_using_symbol_back_with_no_referrer
+    assert_raise(ActionController::RedirectBackError) { get :guarded_with_back }
+  end
+
+  def test_using_symbol_back_redirects_to_referrer
+    @request.env["HTTP_REFERER"] = "/foo"
+    get :guarded_with_back
+    assert_redirected_to '/foo'
+  end
+
  def test_no_deprecation_warning_for_named_route
    assert_not_deprecated do
      get :guarded_one_for_named_route_test, :two => "not one"
@ -209,44 +226,44 @@ class VerificationTest < Test::Unit::TestCase
    get :guarded_by_method
    assert_redirected_to :action => "unguarded"
  end
-  
+
  def test_guarded_by_xhr_with_prereqs
    xhr :post, :guarded_by_xhr
    assert_equal "true", @response.body
  end
-    
+
  def test_guarded_by_xhr_without_prereqs
    get :guarded_by_xhr
    assert_redirected_to :action => "unguarded"
  end
-  
+
  def test_guarded_by_not_xhr_with_prereqs
    get :guarded_by_not_xhr
    assert_equal "false", @response.body
  end
-    
+
  def test_guarded_by_not_xhr_without_prereqs
    xhr :post, :guarded_by_not_xhr
    assert_redirected_to :action => "unguarded"
  end
-  
+
  def test_guarded_post_and_calls_render_succeeds
    post :must_be_post
    assert_equal "Was a post!", @response.body
  end
-    
+
  def test_default_failure_should_be_a_bad_request
    post :no_default_action
    assert_response :bad_request
  end
-    
+
  def test_guarded_post_and_calls_render_fails_and_sets_allow_header
    get :must_be_post
    assert_response 405
    assert_equal "Must be post", @response.body
    assert_equal "POST", @response.headers["Allow"]
  end
-  
+
  def test_second_redirect
    assert_nothing_raised { get :two_redirects }
  end