Peter Jones 2a986200b9 Bug: Earlier Check for Session in Forgery Protection ...

The session is used by the form_authenticity_token method before it is
tested to be valid.  This patch moves a few lines around so that the
session is validated first.

Without this patch, if you try to use forgery protection with sessions
turned off, you get this exception message:

  undefined method `session_id' for {}:Hash

The patch includes a test that can be used to see this behavior before
the request_forgery_protection.rb file is patched to fix it.

2008-05-11 13:27:34 -05:00

..

activerecord

Make render shorthands work with namespaced controllers

2008-05-10 11:28:19 +01:00

controller

Bug: Earlier Check for Session in Forgery Protection

2008-05-11 13:27:34 -05:00

fixtures

Improve PartialTemplate tests

2008-05-02 10:45:08 +01:00

template

ActionView::InstanceTag#default_time_from_options with hash args uses Time.current as default; respects hash settings when time falls in system local spring DST gap

2008-05-08 23:40:25 -05:00

abstract_unit.rb

Remove unused ignore_missing_templates option

2008-04-19 19:26:56 +01:00

active_record_unit.rb

* Continue evolution toward ActiveSupport::TestCase and friends. #10679 [Josh Peek]

2008-01-05 13:34:15 +00:00

adv_attr_test.rb

Add some tests for adv_attr_accessor. Closes #10633 [fcheung]

2008-01-12 03:06:10 +00:00

testing_sandbox.rb

Ruby 1.9 compat: text helper

2007-12-21 11:51:17 +00:00