Commit 4eaca6dc authored by Laurent Bachelier's avatar Laurent Bachelier

Only simulate the HTTP method when in POST

Accepting GET is more dangerous than useful.
parent 17d7dafa
......@@ -171,14 +171,14 @@ class Action(object):
"""
req = self.ctx.req
method = req.method
if method in ('POST', 'GET'):
param_method = req.str_params.get('_method')
if method == 'POST':
param_method = req.str_POST.get('_method')
if param_method:
# it's silly to simulate these requests with a _method param
if param_method not in ('HEAD', 'GET', 'POST'):
method = param_method
else:
if param_method in ('HEAD', 'GET', 'POST'):
method = None
else:
method = param_method
if method in self.METHODS:
return getattr(self, method.lower(), self._unhandled_method)()
return self._unhandled_method()
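Review bot: The effective method is now chosen by a `_method` field in the POST body, which any HTML form can set, so the handlers dispatched through `getattr(self, method.lower(), self._unhandled_method)` for overridden methods are reachable from an ordinary form post; whatever CSRF or permission check protects them has to key on the overridden method, not on `req.method`. No such check is visible in this hunk, so it may already be handled elsewhere. I would state the contract next to the override with a comment such as `# _method is honoured from the POST body only; CSRF/permission checks must apply to the overridden method`. The enclosing method starts above the hunk, and its docstring (which closes on the first context line) would be the place to say that the query string is no longer consulted.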
......
......@@ -125,12 +125,7 @@ class BaseWebTest(TestCase):
self.app.get('/?action=login', status=200)
self.app.post('/?action=login', status=200)
self.app.post('/?action=login&_method=DELETE', status=405)
self.app.post('/?action=login', {'_method': 'DELETE'}, status=405)
self.app.post('/?_method=GET', status=405)
self.app.post('/?action=login&_method=HEAD', status=405)
self.app.post('/?action=login&_method=HEAD', status=405)
self.app.get('/?action=login&_method=GET', status=405)
self.app.get('/?action=login&_method=PUT', status=405)
self.app.get('/?action=login&_method=PENGUIN', status=405)
self.app.post('/?action=login', {'_method': 'HEAD'}, status=405)
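Review bot: None of the assertions visible here pins the behaviour the commit introduces, namely that `_method` is ignored on a GET and in the query string of a POST; the body-override checks only show that a simulated DELETE or HEAD is answered with 405. Assuming the login action serves plain GET and POST with 200, as the first two assertions suggest, I would add `self.app.get('/?action=login&_method=DELETE', status=200)` and `self.app.post('/?action=login&_method=DELETE', status=200)`. The rendered page has lost its +/- markers, so which of the listed lines survive the commit is inferred, and the test method starts above the hunk.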