actionpack 2.2.3 → 2.3.2

data/test/controller/request/xml_params_parsing_test.rb

@@ -0,0 +1,88 @@
+require 'abstract_unit'
+
+class XmlParamsParsingTest < ActionController::IntegrationTest
+  class TestController < ActionController::Base
+    class << self
+      attr_accessor :last_request_parameters
+    end
+
+    def parse
+      self.class.last_request_parameters = request.request_parameters
+      head :ok
+    end
+  end
+
+  def teardown
+    TestController.last_request_parameters = nil
+  end
+
+  test "parses hash params" do
+    with_test_routing do
+      xml = "<person><name>David</name></person>"
+      post "/parse", xml, default_headers
+      assert_response :ok
+      assert_equal({"person" => {"name" => "David"}}, TestController.last_request_parameters)
+    end
+  end
+
+  test "parses single file" do
+    with_test_routing do
+      xml = "<person><name>David</name><avatar type='file' name='me.jpg' content_type='image/jpg'>#{ActiveSupport::Base64.encode64('ABC')}</avatar></person>"
+      post "/parse", xml, default_headers
+      assert_response :ok
+
+      person = TestController.last_request_parameters
+      assert_equal "image/jpg", person['person']['avatar'].content_type
+      assert_equal "me.jpg", person['person']['avatar'].original_filename
+      assert_equal "ABC", person['person']['avatar'].read
+    end
+  end
+
+  test "parses multiple files" do
+    xml = <<-end_body
+      <person>
+        <name>David</name>
+        <avatars>
+          <avatar type='file' name='me.jpg' content_type='image/jpg'>#{ActiveSupport::Base64.encode64('ABC')}</avatar>
+          <avatar type='file' name='you.gif' content_type='image/gif'>#{ActiveSupport::Base64.encode64('DEF')}</avatar>
+        </avatars>
+      </person>
+    end_body
+
+    with_test_routing do
+      post "/parse", xml, default_headers
+      assert_response :ok
+    end
+
+    person = TestController.last_request_parameters
+
+    assert_equal "image/jpg", person['person']['avatars']['avatar'].first.content_type
+    assert_equal "me.jpg", person['person']['avatars']['avatar'].first.original_filename
+    assert_equal "ABC", person['person']['avatars']['avatar'].first.read
+
+    assert_equal "image/gif", person['person']['avatars']['avatar'].last.content_type
+    assert_equal "you.gif", person['person']['avatars']['avatar'].last.original_filename
+    assert_equal "DEF", person['person']['avatars']['avatar'].last.read
+  end
+
+  private
+    def with_test_routing
+      with_routing do |set|
+        set.draw do |map|
+          map.connect ':action', :controller => "xml_params_parsing_test/test"
+        end
+        yield
+      end
+    end
+
+    def default_headers
+      {'CONTENT_TYPE' => 'application/xml'}
+    end
+end
+
+class LegacyXmlParamsParsingTest < XmlParamsParsingTest
+  private
+    def default_headers
+      {'HTTP_X_POST_DATA_FORMAT' => 'xml'}
+    end
+end

data/test/controller/request_forgery_protection_test.rb

@@ -5,13 +5,6 @@ ActionController::Routing::Routes.draw do |map|
   map.connect ':controller/:action/:id'
 end
 
-# simulates cookie session store
-class FakeSessionDbMan
-  def self.generate_digest(data)
-    Digest::SHA1.hexdigest("secure")
-  end
-end
-
 # common controller actions
 module RequestForgeryProtectionActions
   def index
@@ -35,30 +28,11 @@ end
 
 # sample controllers
 class RequestForgeryProtectionController < ActionController::Base
-  include RequestForgeryProtectionActions
-  protect_from_forgery :only => :index, :secret => 'abc'
-end
-
-class RequestForgeryProtectionWithoutSecretController < ActionController::Base
-  include RequestForgeryProtectionActions
-  protect_from_forgery
-end
-
-# no token is given, assume the cookie store is used
-class CsrfCookieMonsterController < ActionController::Base
   include RequestForgeryProtectionActions
   protect_from_forgery :only => :index
 end
 
-# sessions are turned off
-class SessionOffController < ActionController::Base
-  protect_from_forgery :secret => 'foobar'
-  session :off
-  def rescue_action(e) raise e end
-  include RequestForgeryProtectionActions
-end
-
-class FreeCookieController < CsrfCookieMonsterController
+class FreeCookieController < RequestForgeryProtectionController
   self.allow_forgery_protection = false
   
   def index
@@ -105,17 +79,17 @@ module RequestForgeryProtectionTests
 
   def test_should_not_allow_html_post_without_token
     @request.env['CONTENT_TYPE'] = Mime::URL_ENCODED_FORM.to_s
-    assert_raises(ActionController::InvalidAuthenticityToken) { post :index, :format => :html }
+    assert_raise(ActionController::InvalidAuthenticityToken) { post :index, :format => :html }
   end
   
   def test_should_not_allow_html_put_without_token
     @request.env['CONTENT_TYPE'] = Mime::URL_ENCODED_FORM.to_s
-    assert_raises(ActionController::InvalidAuthenticityToken) { put :index, :format => :html }
+    assert_raise(ActionController::InvalidAuthenticityToken) { put :index, :format => :html }
   end
   
   def test_should_not_allow_html_delete_without_token
     @request.env['CONTENT_TYPE'] = Mime::URL_ENCODED_FORM.to_s
-    assert_raises(ActionController::InvalidAuthenticityToken) { delete :index, :format => :html }
+    assert_raise(ActionController::InvalidAuthenticityToken) { delete :index, :format => :html }
   end
 
   def test_should_allow_api_formatted_post_without_token
@@ -137,42 +111,42 @@ module RequestForgeryProtectionTests
   end
 
   def test_should_not_allow_api_formatted_post_sent_as_url_encoded_form_without_token
-    assert_raises(ActionController::InvalidAuthenticityToken) do
+    assert_raise(ActionController::InvalidAuthenticityToken) do
       @request.env['CONTENT_TYPE'] = Mime::URL_ENCODED_FORM.to_s
       post :index, :format => 'xml'
     end
   end
 
   def test_should_not_allow_api_formatted_put_sent_as_url_encoded_form_without_token
-    assert_raises(ActionController::InvalidAuthenticityToken) do
+    assert_raise(ActionController::InvalidAuthenticityToken) do
       @request.env['CONTENT_TYPE'] = Mime::URL_ENCODED_FORM.to_s
       put :index, :format => 'xml'
     end
   end
 
   def test_should_not_allow_api_formatted_delete_sent_as_url_encoded_form_without_token
-    assert_raises(ActionController::InvalidAuthenticityToken) do
+    assert_raise(ActionController::InvalidAuthenticityToken) do
       @request.env['CONTENT_TYPE'] = Mime::URL_ENCODED_FORM.to_s
       delete :index, :format => 'xml'
     end
   end
 
   def test_should_not_allow_api_formatted_post_sent_as_multipart_form_without_token
-    assert_raises(ActionController::InvalidAuthenticityToken) do
+    assert_raise(ActionController::InvalidAuthenticityToken) do
       @request.env['CONTENT_TYPE'] = Mime::MULTIPART_FORM.to_s
       post :index, :format => 'xml'
     end
   end
 
   def test_should_not_allow_api_formatted_put_sent_as_multipart_form_without_token
-    assert_raises(ActionController::InvalidAuthenticityToken) do
+    assert_raise(ActionController::InvalidAuthenticityToken) do
       @request.env['CONTENT_TYPE'] = Mime::MULTIPART_FORM.to_s
       put :index, :format => 'xml'
     end
   end
 
   def test_should_not_allow_api_formatted_delete_sent_as_multipart_form_without_token
-    assert_raises(ActionController::InvalidAuthenticityToken) do
+    assert_raise(ActionController::InvalidAuthenticityToken) do
       @request.env['CONTENT_TYPE'] = Mime::MULTIPART_FORM.to_s
       delete :index, :format => 'xml'
     end
@@ -230,62 +204,28 @@ end
 
 # OK let's get our test on
 
-class RequestForgeryProtectionControllerTest < Test::Unit::TestCase
+class RequestForgeryProtectionControllerTest < ActionController::TestCase
   include RequestForgeryProtectionTests
   def setup
     @controller = RequestForgeryProtectionController.new
     @request    = ActionController::TestRequest.new
     @request.format = :html
     @response   = ActionController::TestResponse.new
-    class << @request.session
-      def session_id() '123' end
-    end
-    @token = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('SHA1'), 'abc', '123')
-    ActionController::Base.request_forgery_protection_token = :authenticity_token
-  end
-end
+    @token      = "cf50faa3fe97702ca1ae"
 
-class RequestForgeryProtectionWithoutSecretControllerTest < Test::Unit::TestCase
-  def setup
-    @controller = RequestForgeryProtectionWithoutSecretController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
-    class << @request.session
-      def session_id() '123' end
-    end
-    @token = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('SHA1'), 'abc', '123')
+    ActiveSupport::SecureRandom.stubs(:base64).returns(@token)
     ActionController::Base.request_forgery_protection_token = :authenticity_token
   end
-  
-  # def test_should_raise_error_without_secret
-  #   assert_raises ActionController::InvalidAuthenticityToken do
-  #     get :index
-  #   end
-  # end
 end
 
-class CsrfCookieMonsterControllerTest < Test::Unit::TestCase
-  include RequestForgeryProtectionTests
-  def setup
-    @controller = CsrfCookieMonsterController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
-    class << @request.session
-      attr_accessor :dbman
-    end
-    # simulate a cookie session store
-    @request.session.dbman = FakeSessionDbMan
-    @token = Digest::SHA1.hexdigest("secure")
-    ActionController::Base.request_forgery_protection_token = :authenticity_token
-  end
-end
-
-class FreeCookieControllerTest < Test::Unit::TestCase
+class FreeCookieControllerTest < ActionController::TestCase
   def setup
     @controller = FreeCookieController.new
     @request    = ActionController::TestRequest.new
     @response   = ActionController::TestResponse.new
-    @token      = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('SHA1'), 'abc', '123')
+    @token      = "cf50faa3fe97702ca1ae"
+
+    ActiveSupport::SecureRandom.stubs(:base64).returns(@token)
   end
   
   def test_should_not_render_form_with_token_tag
@@ -304,24 +244,3 @@ class FreeCookieControllerTest < Test::Unit::TestCase
     end
   end
 end
-
-class SessionOffControllerTest < Test::Unit::TestCase
-  def setup
-    @controller = SessionOffController.new
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
-    @token      = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('SHA1'), 'abc', '123')
-  end
-
-  # TODO: Rewrite this test.
-  # This test was passing but for the wrong reason.
-  # Sessions aren't really being turned off, so an exception was raised
-  # because sessions weren't on - not because the token didn't match.
-  #
-  # def test_should_raise_correct_exception
-  #   @request.session = {} # session(:off) doesn't appear to work with controller tests
-  #   assert_raises(ActionController::InvalidAuthenticityToken) do
-  #     post :index, :authenticity_token => @token, :format => :html
-  #   end
-  # end
-end

data/test/controller/request_test.rb

@@ -1,7 +1,6 @@
 require 'abstract_unit'
-require 'action_controller/integration'
 
-class RequestTest < Test::Unit::TestCase
+class RequestTest < ActiveSupport::TestCase
   def setup
     ActionController::Base.relative_url_root = nil
     @request = ActionController::TestRequest.new
@@ -15,60 +14,69 @@ class RequestTest < Test::Unit::TestCase
     assert_equal '0.0.0.0', @request.remote_ip
 
     @request.remote_addr = '1.2.3.4'
-    assert_equal '1.2.3.4', @request.remote_ip(true)
+    assert_equal '1.2.3.4', @request.remote_ip
 
     @request.remote_addr = '1.2.3.4,3.4.5.6'
-    assert_equal '1.2.3.4', @request.remote_ip(true)
+    assert_equal '1.2.3.4', @request.remote_ip
 
     @request.env['HTTP_CLIENT_IP'] = '2.3.4.5'
-    assert_equal '1.2.3.4', @request.remote_ip(true)
+    assert_equal '1.2.3.4', @request.remote_ip
 
     @request.remote_addr = '192.168.0.1'
-    assert_equal '2.3.4.5', @request.remote_ip(true)
+    assert_equal '2.3.4.5', @request.remote_ip
     @request.env.delete 'HTTP_CLIENT_IP'
 
     @request.remote_addr = '1.2.3.4'
     @request.env['HTTP_X_FORWARDED_FOR'] = '3.4.5.6'
-    assert_equal '1.2.3.4', @request.remote_ip(true)
+    assert_equal '1.2.3.4', @request.remote_ip
 
     @request.remote_addr = '127.0.0.1'
     @request.env['HTTP_X_FORWARDED_FOR'] = '3.4.5.6'
-    assert_equal '3.4.5.6', @request.remote_ip(true)
+    assert_equal '3.4.5.6', @request.remote_ip
 
     @request.env['HTTP_X_FORWARDED_FOR'] = 'unknown,3.4.5.6'
-    assert_equal '3.4.5.6', @request.remote_ip(true)
+    assert_equal '3.4.5.6', @request.remote_ip
 
     @request.env['HTTP_X_FORWARDED_FOR'] = '172.16.0.1,3.4.5.6'
-    assert_equal '3.4.5.6', @request.remote_ip(true)
+    assert_equal '3.4.5.6', @request.remote_ip
 
     @request.env['HTTP_X_FORWARDED_FOR'] = '192.168.0.1,3.4.5.6'
-    assert_equal '3.4.5.6', @request.remote_ip(true)
+    assert_equal '3.4.5.6', @request.remote_ip
 
     @request.env['HTTP_X_FORWARDED_FOR'] = '10.0.0.1,3.4.5.6'
-    assert_equal '3.4.5.6', @request.remote_ip(true)
+    assert_equal '3.4.5.6', @request.remote_ip
 
     @request.env['HTTP_X_FORWARDED_FOR'] = '10.0.0.1, 10.0.0.1, 3.4.5.6'
-    assert_equal '3.4.5.6', @request.remote_ip(true)
+    assert_equal '3.4.5.6', @request.remote_ip
 
     @request.env['HTTP_X_FORWARDED_FOR'] = '127.0.0.1,3.4.5.6'
-    assert_equal '3.4.5.6', @request.remote_ip(true)
+    assert_equal '3.4.5.6', @request.remote_ip
 
     @request.env['HTTP_X_FORWARDED_FOR'] = 'unknown,192.168.0.1'
-    assert_equal 'unknown', @request.remote_ip(true)
+    assert_equal 'unknown', @request.remote_ip
 
     @request.env['HTTP_X_FORWARDED_FOR'] = '9.9.9.9, 3.4.5.6, 10.0.0.1, 172.31.4.4'
-    assert_equal '3.4.5.6', @request.remote_ip(true)
+    assert_equal '3.4.5.6', @request.remote_ip
 
     @request.env['HTTP_CLIENT_IP'] = '8.8.8.8'
-    e = assert_raises(ActionController::ActionControllerError) {
-      @request.remote_ip(true)
+    e = assert_raise(ActionController::ActionControllerError) {
+      @request.remote_ip
     }
     assert_match /IP spoofing attack/, e.message
     assert_match /HTTP_X_FORWARDED_FOR="9.9.9.9, 3.4.5.6, 10.0.0.1, 172.31.4.4"/, e.message
     assert_match /HTTP_CLIENT_IP="8.8.8.8"/, e.message
 
+    # turn IP Spoofing detection off.
+    # This is useful for sites that are aimed at non-IP clients.  The typical
+    # example is WAP.  Since the cellular network is not IP based, it's a
+    # leap of faith to assume that their proxies are ever going to set the
+    # HTTP_CLIENT_IP/HTTP_X_FORWARDED_FOR headers properly.
+    ActionController::Base.ip_spoofing_check = false
+    assert_equal('8.8.8.8', @request.remote_ip)
+    ActionController::Base.ip_spoofing_check = true
+
     @request.env['HTTP_X_FORWARDED_FOR'] = '8.8.8.8, 9.9.9.9'
-    assert_equal '8.8.8.8', @request.remote_ip(true)
+    assert_equal '8.8.8.8', @request.remote_ip
 
     @request.env.delete 'HTTP_CLIENT_IP'
     @request.env.delete 'HTTP_X_FORWARDED_FOR'
@@ -181,8 +189,8 @@ class RequestTest < Test::Unit::TestCase
     @request.env['PATH_INFO'] = "/path/of/some/uri?mapped=1"
     @request.env['SCRIPT_NAME'] = "/path/dispatch.rb"
     @request.set_REQUEST_URI nil
-    assert_equal "/path/of/some/uri?mapped=1", @request.request_uri(true)
-    assert_equal "/of/some/uri", @request.path(true)
+    assert_equal "/path/of/some/uri?mapped=1", @request.request_uri
+    assert_equal "/of/some/uri", @request.path
     ActionController::Base.relative_url_root = nil
 
     @request.env['PATH_INFO'] = "/path/of/some/uri"
@@ -217,12 +225,12 @@ class RequestTest < Test::Unit::TestCase
 
     @request.set_REQUEST_URI '/hieraki/dispatch.cgi'
     ActionController::Base.relative_url_root = '/hieraki'
-    assert_equal "/dispatch.cgi", @request.path(true)
+    assert_equal "/dispatch.cgi", @request.path
     ActionController::Base.relative_url_root = nil
 
     @request.set_REQUEST_URI '/hieraki/dispatch.cgi'
     ActionController::Base.relative_url_root = '/foo'
-    assert_equal "/hieraki/dispatch.cgi", @request.path(true)
+    assert_equal "/hieraki/dispatch.cgi", @request.path
     ActionController::Base.relative_url_root = nil
 
     # This test ensures that Rails uses REQUEST_URI over PATH_INFO
@@ -230,8 +238,8 @@ class RequestTest < Test::Unit::TestCase
     @request.env['REQUEST_URI'] = "/some/path"
     @request.env['PATH_INFO'] = "/another/path"
     @request.env['SCRIPT_NAME'] = "/dispatch.cgi"
-    assert_equal "/some/path", @request.request_uri(true)
-    assert_equal "/some/path", @request.path(true)
+    assert_equal "/some/path", @request.request_uri
+    assert_equal "/some/path", @request.path
   end
 
   def test_host_with_default_port
@@ -247,13 +255,13 @@ class RequestTest < Test::Unit::TestCase
   end
 
   def test_server_software
-    assert_equal nil, @request.server_software(true)
+    assert_equal nil, @request.server_software
 
     @request.env['SERVER_SOFTWARE'] = 'Apache3.422'
-    assert_equal 'apache', @request.server_software(true)
+    assert_equal 'apache', @request.server_software
 
     @request.env['SERVER_SOFTWARE'] = 'lighttpd(1.1.4)'
-    assert_equal 'lighttpd', @request.server_software(true)
+    assert_equal 'lighttpd', @request.server_software
   end
 
   def test_xml_http_request
@@ -289,25 +297,23 @@ class RequestTest < Test::Unit::TestCase
   end
 
   def test_invalid_http_method_raises_exception
-    assert_raises(ActionController::UnknownHttpMethod) do
+    assert_raise(ActionController::UnknownHttpMethod) do
       self.request_method = :random_method
+      @request.request_method
     end
   end
 
   def test_allow_method_hacking_on_post
-    self.request_method = :post
     [:get, :head, :options, :put, :post, :delete].each do |method|
-      @request.instance_eval { @parameters = { :_method => method.to_s } ; @request_method = nil }
-      @request.request_method(true)
+      self.request_method = method
       assert_equal(method == :head ? :get : method, @request.method)
     end
   end
 
   def test_invalid_method_hacking_on_post_raises_exception
-    self.request_method = :post
-    @request.instance_eval { @parameters = { :_method => :random_method } ; @request_method = nil }
-    assert_raises(ActionController::UnknownHttpMethod) do
-      @request.request_method(true)
+    assert_raise(ActionController::UnknownHttpMethod) do
+      self.request_method = :_random_method
+      @request.request_method
     end
   end
 
@@ -385,8 +391,8 @@ class RequestTest < Test::Unit::TestCase
   end
 
   def test_parameters
-    @request.instance_eval { @request_parameters = { "foo" => 1 } }
-    @request.instance_eval { @query_parameters = { "bar" => 2 } }
+    @request.stubs(:request_parameters).returns({ "foo" => 1 })
+    @request.stubs(:query_parameters).returns({ "bar" => 2 })
 
     assert_equal({"foo" => 1, "bar" => 2}, @request.parameters)
     assert_equal({"foo" => 1}, @request.request_parameters)
@@ -396,497 +402,6 @@ class RequestTest < Test::Unit::TestCase
   protected
     def request_method=(method)
       @request.env['REQUEST_METHOD'] = method.to_s.upcase
-      @request.request_method(true)
-    end
-end
-
-class UrlEncodedRequestParameterParsingTest < Test::Unit::TestCase
-  def setup
-    @query_string = "action=create_customer&full_name=David%20Heinemeier%20Hansson&customerId=1"
-    @query_string_with_empty = "action=create_customer&full_name="
-    @query_string_with_array = "action=create_customer&selected[]=1&selected[]=2&selected[]=3"
-    @query_string_with_amps  = "action=create_customer&name=Don%27t+%26+Does"
-    @query_string_with_multiple_of_same_name =
-      "action=update_order&full_name=Lau%20Taarnskov&products=4&products=2&products=3"
-    @query_string_with_many_equal = "action=create_customer&full_name=abc=def=ghi"
-    @query_string_without_equal = "action"
-    @query_string_with_many_ampersands =
-      "&action=create_customer&&&full_name=David%20Heinemeier%20Hansson"
-    @query_string_with_empty_key = "action=create_customer&full_name=David%20Heinemeier%20Hansson&=Save"
-  end
-
-  def test_query_string
-    assert_equal(
-      { "action" => "create_customer", "full_name" => "David Heinemeier Hansson", "customerId" => "1"},
-      ActionController::AbstractRequest.parse_query_parameters(@query_string)
-    )
-  end
-
-  def test_deep_query_string
-    expected = {'x' => {'y' => {'z' => '10'}}}
-    assert_equal(expected, ActionController::AbstractRequest.parse_query_parameters('x[y][z]=10'))
-  end
-
-  def test_deep_query_string_with_array
-    assert_equal({'x' => {'y' => {'z' => ['10']}}}, ActionController::AbstractRequest.parse_query_parameters('x[y][z][]=10'))
-    assert_equal({'x' => {'y' => {'z' => ['10', '5']}}}, ActionController::AbstractRequest.parse_query_parameters('x[y][z][]=10&x[y][z][]=5'))
-  end
-
-  def test_deep_query_string_with_array_of_hash
-    assert_equal({'x' => {'y' => [{'z' => '10'}]}}, ActionController::AbstractRequest.parse_query_parameters('x[y][][z]=10'))
-    assert_equal({'x' => {'y' => [{'z' => '10', 'w' => '10'}]}}, ActionController::AbstractRequest.parse_query_parameters('x[y][][z]=10&x[y][][w]=10'))
-  end
-
-  def test_deep_query_string_with_array_of_hashes_with_one_pair
-    assert_equal({'x' => {'y' => [{'z' => '10'}, {'z' => '20'}]}}, ActionController::AbstractRequest.parse_query_parameters('x[y][][z]=10&x[y][][z]=20'))
-    assert_equal("10", ActionController::AbstractRequest.parse_query_parameters('x[y][][z]=10&x[y][][z]=20')["x"]["y"].first["z"])
-    assert_equal("10", ActionController::AbstractRequest.parse_query_parameters('x[y][][z]=10&x[y][][z]=20').with_indifferent_access[:x][:y].first[:z])
-  end
-
-  def test_deep_query_string_with_array_of_hashes_with_multiple_pairs
-    assert_equal(
-      {'x' => {'y' => [{'z' => '10', 'w' => 'a'}, {'z' => '20', 'w' => 'b'}]}},
-      ActionController::AbstractRequest.parse_query_parameters('x[y][][z]=10&x[y][][w]=a&x[y][][z]=20&x[y][][w]=b')
-    )
-  end
-
-  def test_query_string_with_nil
-    assert_equal(
-      { "action" => "create_customer", "full_name" => ''},
-      ActionController::AbstractRequest.parse_query_parameters(@query_string_with_empty)
-    )
-  end
-
-  def test_query_string_with_array
-    assert_equal(
-      { "action" => "create_customer", "selected" => ["1", "2", "3"]},
-      ActionController::AbstractRequest.parse_query_parameters(@query_string_with_array)
-    )
-  end
-
-  def test_query_string_with_amps
-    assert_equal(
-      { "action" => "create_customer", "name" => "Don't & Does"},
-      ActionController::AbstractRequest.parse_query_parameters(@query_string_with_amps)
-    )
-  end
-
-  def test_query_string_with_multiple_of_same_name
-    assert_equal(
-      { "action" => "update_order", "full_name" => "Lau Taarnskov", "products" => "4" },
-      ActionController::AbstractRequest.parse_query_parameters(@query_string_with_multiple_of_same_name)
-    )
-  end
-
-  def test_query_string_with_many_equal
-    assert_equal(
-      { "action" => "create_customer", "full_name" => "abc=def=ghi"},
-      ActionController::AbstractRequest.parse_query_parameters(@query_string_with_many_equal)
-    )
-  end
-
-  def test_query_string_without_equal
-    assert_equal(
-      { "action" => nil },
-      ActionController::AbstractRequest.parse_query_parameters(@query_string_without_equal)
-    )
-  end
-
-  def test_query_string_with_empty_key
-    assert_equal(
-      { "action" => "create_customer", "full_name" => "David Heinemeier Hansson" },
-      ActionController::AbstractRequest.parse_query_parameters(@query_string_with_empty_key)
-    )
-  end
-
-  def test_query_string_with_many_ampersands
-    assert_equal(
-      { "action" => "create_customer", "full_name" => "David Heinemeier Hansson"},
-      ActionController::AbstractRequest.parse_query_parameters(@query_string_with_many_ampersands)
-    )
-  end
-
-  def test_unbalanced_query_string_with_array
-   assert_equal(
-     {'location' => ["1", "2"], 'age_group' => ["2"]},
-  ActionController::AbstractRequest.parse_query_parameters("location[]=1&location[]=2&age_group[]=2")
-   )
-   assert_equal(
-     {'location' => ["1", "2"], 'age_group' => ["2"]},
-     ActionController::AbstractRequest.parse_request_parameters({'location[]' => ["1", "2"],
-  'age_group[]' => ["2"]})
-   )
-  end
-
-  def test_request_hash_parsing
-    query = {
-      "note[viewers][viewer][][type]" => ["User", "Group"],
-      "note[viewers][viewer][][id]"   => ["1", "2"]
-    }
-
-    expected = { "note" => { "viewers"=>{"viewer"=>[{ "id"=>"1", "type"=>"User"}, {"type"=>"Group", "id"=>"2"} ]} } }
-
-    assert_equal(expected, ActionController::AbstractRequest.parse_request_parameters(query))
-  end
-
-  def test_parse_params
-    input = {
-      "customers[boston][first][name]" => [ "David" ],
-      "customers[boston][first][url]" => [ "http://David" ],
-      "customers[boston][second][name]" => [ "Allan" ],
-      "customers[boston][second][url]" => [ "http://Allan" ],
-      "something_else" => [ "blah" ],
-      "something_nil" => [ nil ],
-      "something_empty" => [ "" ],
-      "products[first]" => [ "Apple Computer" ],
-      "products[second]" => [ "Pc" ],
-      "" => [ 'Save' ]
-    }
-
-    expected_output =  {
-      "customers" => {
-        "boston" => {
-          "first" => {
-            "name" => "David",
-            "url" => "http://David"
-          },
-          "second" => {
-            "name" => "Allan",
-            "url" => "http://Allan"
-          }
-        }
-      },
-      "something_else" => "blah",
-      "something_empty" => "",
-      "something_nil" => "",
-      "products" => {
-        "first" => "Apple Computer",
-        "second" => "Pc"
-      }
-    }
-
-    assert_equal expected_output, ActionController::AbstractRequest.parse_request_parameters(input)
-  end
-
-  UploadedStringIO = ActionController::UploadedStringIO
-  class MockUpload < UploadedStringIO
-    def initialize(content_type, original_path, *args)
-      self.content_type = content_type
-      self.original_path = original_path
-      super *args
-    end
-  end
-
-  def test_parse_params_from_multipart_upload
-    file = MockUpload.new('img/jpeg', 'foo.jpg')
-    ie_file = MockUpload.new('img/jpeg', 'c:\\Documents and Settings\\foo\\Desktop\\bar.jpg')
-    non_file_text_part = MockUpload.new('text/plain', '', 'abc')
-
-    input = {
-      "something" => [ UploadedStringIO.new("") ],
-      "array_of_stringios" => [[ UploadedStringIO.new("One"), UploadedStringIO.new("Two") ]],
-      "mixed_types_array" => [[ UploadedStringIO.new("Three"), "NotStringIO" ]],
-      "mixed_types_as_checkboxes[strings][nested]" => [[ file, "String", UploadedStringIO.new("StringIO")]],
-      "ie_mixed_types_as_checkboxes[strings][nested]" => [[ ie_file, "String", UploadedStringIO.new("StringIO")]],
-      "products[string]" => [ UploadedStringIO.new("Apple Computer") ],
-      "products[file]" => [ file ],
-      "ie_products[string]" => [ UploadedStringIO.new("Microsoft") ],
-      "ie_products[file]" => [ ie_file ],
-      "text_part" => [non_file_text_part]
-      }
-
-    expected_output =  {
-      "something" => "",
-      "array_of_stringios" => ["One", "Two"],
-      "mixed_types_array" => [ "Three", "NotStringIO" ],
-      "mixed_types_as_checkboxes" => {
-         "strings" => {
-            "nested" => [ file, "String", "StringIO" ]
-         },
-      },
-      "ie_mixed_types_as_checkboxes" => {
-         "strings" => {
-            "nested" => [ ie_file, "String", "StringIO" ]
-         },
-      },
-      "products" => {
-        "string" => "Apple Computer",
-        "file" => file
-      },
-      "ie_products" => {
-        "string" => "Microsoft",
-        "file" => ie_file
-      },
-      "text_part" => "abc"
-    }
-
-    params = ActionController::AbstractRequest.parse_request_parameters(input)
-    assert_equal expected_output, params
-
-    # Lone filenames are preserved.
-    assert_equal 'foo.jpg', params['mixed_types_as_checkboxes']['strings']['nested'].first.original_filename
-    assert_equal 'foo.jpg', params['products']['file'].original_filename
-
-    # But full Windows paths are reduced to their basename.
-    assert_equal 'bar.jpg', params['ie_mixed_types_as_checkboxes']['strings']['nested'].first.original_filename
-    assert_equal 'bar.jpg', params['ie_products']['file'].original_filename
-  end
-
-  def test_parse_params_with_file
-    input = {
-      "customers[boston][first][name]" => [ "David" ],
-      "something_else" => [ "blah" ],
-      "logo" => [ File.new(File.dirname(__FILE__) + "/cgi_test.rb").path ]
-    }
-
-    expected_output = {
-      "customers" => {
-        "boston" => {
-          "first" => {
-            "name" => "David"
-          }
-        }
-      },
-      "something_else" => "blah",
-      "logo" => File.new(File.dirname(__FILE__) + "/cgi_test.rb").path,
-    }
-
-    assert_equal expected_output, ActionController::AbstractRequest.parse_request_parameters(input)
-  end
-
-  def test_parse_params_with_array
-    input = { "selected[]" =>  [ "1", "2", "3" ] }
-
-    expected_output = { "selected" => [ "1", "2", "3" ] }
-
-    assert_equal expected_output, ActionController::AbstractRequest.parse_request_parameters(input)
-  end
-
-  def test_parse_params_with_non_alphanumeric_name
-    input     = { "a/b[c]" =>  %w(d) }
-    expected  = { "a/b" => { "c" => "d" }}
-    assert_equal expected, ActionController::AbstractRequest.parse_request_parameters(input)
-  end
-
-  def test_parse_params_with_single_brackets_in_middle
-    input     = { "a/b[c]d" =>  %w(e) }
-    expected  = { "a/b" => {} }
-    assert_equal expected, ActionController::AbstractRequest.parse_request_parameters(input)
-  end
-
-  def test_parse_params_with_separated_brackets
-    input     = { "a/b@[c]d[e]" =>  %w(f) }
-    expected  = { "a/b@" => { }}
-    assert_equal expected, ActionController::AbstractRequest.parse_request_parameters(input)
-  end
-
-  def test_parse_params_with_separated_brackets_and_array
-    input     = { "a/b@[c]d[e][]" =>  %w(f) }
-    expected  = { "a/b@" => { }}
-    assert_equal expected , ActionController::AbstractRequest.parse_request_parameters(input)
-  end
-
-  def test_parse_params_with_unmatched_brackets_and_array
-    input     = { "a/b@[c][d[e][]" =>  %w(f) }
-    expected  = { "a/b@" => { "c" => { }}}
-    assert_equal expected, ActionController::AbstractRequest.parse_request_parameters(input)
-  end
-
-  def test_parse_params_with_nil_key
-    input = { nil => nil, "test2" => %w(value1) }
-    expected = { "test2" => "value1" }
-    assert_equal expected, ActionController::AbstractRequest.parse_request_parameters(input)
-  end
-
-  def test_parse_params_with_array_prefix_and_hashes
-    input = { "a[][b][c]" => %w(d) }
-    expected = {"a" => [{"b" => {"c" => "d"}}]}
-    assert_equal expected, ActionController::AbstractRequest.parse_request_parameters(input)
-  end
-
-  def test_parse_params_with_complex_nesting
-    input = { "a[][b][c][][d][]" => %w(e) }
-    expected = {"a" => [{"b" => {"c" => [{"d" => ["e"]}]}}]}
-    assert_equal expected, ActionController::AbstractRequest.parse_request_parameters(input)
-  end
-end
-
-class MultipartRequestParameterParsingTest < Test::Unit::TestCase
-  FIXTURE_PATH = File.dirname(__FILE__) + '/../fixtures/multipart'
-
-  def test_single_parameter
-    params = process('single_parameter')
-    assert_equal({ 'foo' => 'bar' }, params)
-  end
-
-  def test_bracketed_param
-    assert_equal({ 'foo' => { 'baz' => 'bar'}}, process('bracketed_param'))
-  end
-
-  def test_text_file
-    params = process('text_file')
-    assert_equal %w(file foo), params.keys.sort
-    assert_equal 'bar', params['foo']
-
-    file = params['file']
-    assert_kind_of StringIO, file
-    assert_equal 'file.txt', file.original_filename
-    assert_equal "text/plain", file.content_type
-    assert_equal 'contents', file.read
-  end
-
-  def test_boundary_problem_file
-    params = process('boundary_problem_file')
-    assert_equal %w(file foo), params.keys.sort
-
-    file = params['file']
-    foo  = params['foo']
-
-    assert_kind_of Tempfile, file
-
-    assert_equal 'file.txt', file.original_filename
-    assert_equal "text/plain", file.content_type
-
-    assert_equal 'bar', foo
-  end
-
-  def test_large_text_file
-    params = process('large_text_file')
-    assert_equal %w(file foo), params.keys.sort
-    assert_equal 'bar', params['foo']
-
-    file = params['file']
-
-    assert_kind_of Tempfile, file
-
-    assert_equal 'file.txt', file.original_filename
-    assert_equal "text/plain", file.content_type
-    assert ('a' * 20480) == file.read
-  end
-
-  uses_mocha "test_no_rewind_stream" do
-    def test_no_rewind_stream
-      # Ensures that parse_multipart_form_parameters works with streams that cannot be rewound
-      file = File.open(File.join(FIXTURE_PATH, 'large_text_file'), 'rb')
-      file.expects(:rewind).raises(Errno::ESPIPE)
-      params = ActionController::AbstractRequest.parse_multipart_form_parameters(file, 'AaB03x', file.stat.size, {})
-      assert_not_equal 0, file.pos  # file was not rewound after reading
-    end
-  end
-
-  def test_binary_file
-    params = process('binary_file')
-    assert_equal %w(file flowers foo), params.keys.sort
-    assert_equal 'bar', params['foo']
-
-    file = params['file']
-    assert_kind_of StringIO, file
-    assert_equal 'file.csv', file.original_filename
-    assert_nil file.content_type
-    assert_equal 'contents', file.read
-
-    file = params['flowers']
-    assert_kind_of StringIO, file
-    assert_equal 'flowers.jpg', file.original_filename
-    assert_equal "image/jpeg", file.content_type
-    assert_equal 19512, file.size
-    #assert_equal File.read(File.dirname(__FILE__) + '/../../../activerecord/test/fixtures/flowers.jpg'), file.read
-  end
-
-  def test_mixed_files
-    params = process('mixed_files')
-    assert_equal %w(files foo), params.keys.sort
-    assert_equal 'bar', params['foo']
-
-    # Ruby CGI doesn't handle multipart/mixed for us.
-    files = params['files']
-    assert_kind_of String, files
-    files.force_encoding('ASCII-8BIT') if files.respond_to?(:force_encoding)
-    assert_equal 19756, files.size
-  end
-
-  private
-    def process(name)
-      File.open(File.join(FIXTURE_PATH, name), 'rb') do |file|
-        params = ActionController::AbstractRequest.parse_multipart_form_parameters(file, 'AaB03x', file.stat.size, {})
-        assert_equal 0, file.pos  # file was rewound after reading
-        params
-      end
-    end
-end
-
-class XmlParamsParsingTest < Test::Unit::TestCase
-  def test_hash_params
-    person = parse_body("<person><name>David</name></person>")[:person]
-    assert_kind_of Hash, person
-    assert_equal 'David', person['name']
-  end
-
-  def test_single_file
-    person = parse_body("<person><name>David</name><avatar type='file' name='me.jpg' content_type='image/jpg'>#{ActiveSupport::Base64.encode64('ABC')}</avatar></person>")
-
-    assert_equal "image/jpg", person['person']['avatar'].content_type
-    assert_equal "me.jpg", person['person']['avatar'].original_filename
-    assert_equal "ABC", person['person']['avatar'].read
-  end
-
-  def test_multiple_files
-    person = parse_body(<<-end_body)
-      <person>
-        <name>David</name>
-        <avatars>
-          <avatar type='file' name='me.jpg' content_type='image/jpg'>#{ActiveSupport::Base64.encode64('ABC')}</avatar>
-          <avatar type='file' name='you.gif' content_type='image/gif'>#{ActiveSupport::Base64.encode64('DEF')}</avatar>
-        </avatars>
-      </person>
-    end_body
-
-    assert_equal "image/jpg", person['person']['avatars']['avatar'].first.content_type
-    assert_equal "me.jpg", person['person']['avatars']['avatar'].first.original_filename
-    assert_equal "ABC", person['person']['avatars']['avatar'].first.read
-
-    assert_equal "image/gif", person['person']['avatars']['avatar'].last.content_type
-    assert_equal "you.gif", person['person']['avatars']['avatar'].last.original_filename
-    assert_equal "DEF", person['person']['avatars']['avatar'].last.read
-  end
-
-  private
-    def parse_body(body)
-      env = { 'rack.input'     => StringIO.new(body),
-              'CONTENT_TYPE'   => 'application/xml',
-              'CONTENT_LENGTH' => body.size.to_s }
-      ActionController::RackRequest.new(env).request_parameters
-    end
-end
-
-class LegacyXmlParamsParsingTest < XmlParamsParsingTest
-  private
-    def parse_body(body)
-      env = { 'rack.input'              => StringIO.new(body),
-              'HTTP_X_POST_DATA_FORMAT' => 'xml',
-              'CONTENT_LENGTH'          => body.size.to_s }
-      ActionController::RackRequest.new(env).request_parameters
-    end
-end
-
-class JsonParamsParsingTest < Test::Unit::TestCase
-  def test_hash_params_for_application_json
-    person = parse_body({:person => {:name => "David"}}.to_json,'application/json')[:person]
-    assert_kind_of Hash, person
-    assert_equal 'David', person['name']
-  end
-
-  def test_hash_params_for_application_jsonrequest
-    person = parse_body({:person => {:name => "David"}}.to_json,'application/jsonrequest')[:person]
-    assert_kind_of Hash, person
-    assert_equal 'David', person['name']
-  end
-
-  private
-    def parse_body(body,content_type)
-      env = { 'rack.input'     => StringIO.new(body),
-              'CONTENT_TYPE'   => content_type,
-              'CONTENT_LENGTH' => body.size.to_s }
-      ActionController::RackRequest.new(env).request_parameters
+      @request.request_method = nil # Reset the ivar cache
     end
 end