This would not happen with normal use of a modern framework.

cookiecaper · on July 27, 2015

Not sure how you're defining "modern", but it did happen with Ruby on Rails 2.x. I bet I could recreate it in a Rails 4 app.

Yes, there are things that could've been done to prevent this bug from happening, like using Rails's validation mechanisms to reject any POST that didn't contain the field, but that's not really the point. The point is that simple, subtle bugs can and do sneak into production codebases, and more-exhaustive-than-usual testing is needed for anything used to control account access like password resets.

EarthLaunch · on July 27, 2015

Rails isn't modern. I assume though that at least it does support validation, which is exactly the point. Building a bunch of tests in order to avoid college-level development practices would be a waste. Tests are valuable, but as an additional level of protection on top of good - or just regular - practices.

KurtMueller · on July 27, 2015

What are some examples of a modern framework?

EarthLaunch · on July 27, 2015

Laravel and Yii are my favorites in PHP. Both borrowed concepts from Rails, but brought in the maturity of older PHP frameworks.

merb · on July 28, 2015

> maturity of older PHP frameworks.

I mean Laravel is somewhat good. But there wasn't a real mature PHP Framework in the past. Especially not as mature than Rails, Django.

jdmichal · on July 27, 2015

> Rails isn't modern.

You are using a drastically different version of modern than normal English usage. Where's that Scotsman when you need him?