This project is archived and is in readonly mode.

Changeset [2a986200b9a6be0f68a0db504dc478da04842dee] by Peter Jones

May 11th, 2008 @ 07:27 PM

Bug: Earlier Check for Session in Forgery Protection

The session is used by the form_authenticity_token method before it is

tested to be valid. This patch moves a few lines around so that the

session is validated first.

Without this patch, if you try to use forgery protection with sessions

turned off, you get this exception message:

undefined method `session_id' for {}:Hash

The patch includes a test that can be used to see this behavior before

the request_forgery_protection.rb file is patched to fix it.

Committed by Repository

  • M actionpack/lib/action_controller/request_forgery_protection.rb
  • M actionpack/test/controller/request_forgery_protection_test.rb

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

<h2 style="font-size: 14px">Tickets have moved to Github</h2>

The new ticket tracker is available at <a href=""></a>