This project is archived and is in readonly mode.
Changeset [2a986200b9a6be0f68a0db504dc478da04842dee] by Peter Jones
May 11th, 2008 @ 07:27 PM
Bug: Earlier Check for Session in Forgery Protection
The session is used by the form_authenticity_token method before it is
tested to be valid. This patch moves a few lines around so that the
session is validated first.
Without this patch, if you try to use forgery protection with sessions
turned off, you get this exception message:
undefined method `session_id' for {}:Hash
The patch includes a test that can be used to see this behavior before
the request_forgery_protection.rb file is patched to fix it.
Committed by Repository
- M actionpack/lib/action_controller/request_forgery_protection.rb
- M actionpack/test/controller/request_forgery_protection_test.rb
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile »
<h2 style="font-size: 14px">Tickets have moved to Github</h2>
The new ticket tracker is available at <a href="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>