> So can you reduce it to minimal example (ie what is the one other test
> it needs to run with in order to fail) ?
>
> Also I think your code has a security weakness - some one could set up
> params such that params[:page] had the value :inline => "<%=
> system('rm -rf /') %>
>
> FredWell, the test is pretty minimal as it is. I don't know how to simplify it further. The first 'show' test works, but I included it so you know what the intention was. The second test is the one that fails - it cannot find the /public/404 page. I wasn't aware of this security vulnerability though. How can I write the controller in the same way without the security problem? I don't want to make a bunch of static actions for 20 different static pages :( -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
