Ensure the previous pages params aren't passed through redirect

2009-01-19 13:56:22 -05:00 · 2009-01-19 13:56:22 -05:00 · 14d114ce1d
parent ced63f6e5a
commit 14d114ce1d
5 changed files with 37 additions and 4 deletions
--- a/lib/webrat/core/session.rb
+++ b/lib/webrat/core/session.rb
@ -112,7 +112,7 @@ For example:
      @http_method  = http_method
      @data         = data

-      request_page(response_location, :get, data) if internal_redirect?
+      request_page(response_location, :get, {}) if internal_redirect?

      return response
    end
--- a/spec/integration/rails/app/controllers/webrat_controller.rb
+++ b/spec/integration/rails/app/controllers/webrat_controller.rb
@ -12,13 +12,24 @@ class WebratController < ApplicationController
  def submit
    render :text => "OK"
  end
-
+  
  def internal_redirect
-    redirect_to :submit
+    redirect_to submit_path
  end
  
  def external_redirect
    redirect_to "http://google.com"
  end

+  def before_redirect_form
+  end
+  
+  def redirect_to_show_params
+    redirect_to show_params_path(:custom_param => "123")
+  end
+  
+  def show_params
+    render :text => params.to_json
+  end
+  
 end
--- a/spec/integration/rails/app/views/webrat/before_redirect_form.html.erb
+++ b/spec/integration/rails/app/views/webrat/before_redirect_form.html.erb
@ -0,0 +1,7 @@
+<% form_tag redirect_to_show_params_path do %>
+  <label>
+    Text field <%= text_field_tag "text_field" %>
+  </label>
+  
+  <%= submit_tag "Test" %>
+<% end %>
--- a/spec/integration/rails/config/routes.rb
+++ b/spec/integration/rails/config/routes.rb
@ -3,7 +3,11 @@ ActionController::Routing::Routes.draw do |map|
    webrat.submit             "/submit",            :action => "submit"
    webrat.internal_redirect  "/internal_redirect", :action => "internal_redirect"
    webrat.external_redirect  "/external_redirect", :action => "external_redirect"
-
+    
+    webrat.before_redirect_form     "/before_redirect_form",    :action => "before_redirect_form"
+    webrat.redirect_to_show_params  "/redirect_to_show_params", :action => "redirect_to_show_params"
+    webrat.show_params              "/show_params",             :action => "show_params"
+    
    webrat.root :action => "form"
  end
 end
--- a/spec/integration/rails/test/integration/webrat_test.rb
+++ b/spec/integration/rails/test/integration/webrat_test.rb
@ -21,8 +21,19 @@ class WebratTest < ActionController::IntegrationTest
    assert field_labeled("Prefilled").value, "text"
  end
  
+  test "should not carry params through redirects" do
+    visit before_redirect_form_path
+    fill_in "Text field", :with => "value"
+    click_button
+    
+    assert response.body !~ /value/
+    assert response.body =~ /custom_param/
+  end
+  
  test "should follow internal redirects" do
    visit internal_redirect_path
+    
+    assert !response.redirect?
    assert response.body.include?("OK")
  end