From 85b0098b1c694de2859ac2aa4b864a6cb947c916 Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Wed, 2 Aug 2017 15:31:21 +0100
Subject: [PATCH] Make sure the account form is POSTed

Fixes #1601
---
 app/views/user/account.html.erb          | 2 +-
 test/controllers/user_controller_test.rb | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/app/views/user/account.html.erb b/app/views/user/account.html.erb
index 752d1cd01..92b3407bf 100644
--- a/app/views/user/account.html.erb
+++ b/app/views/user/account.html.erb
@@ -11,7 +11,7 @@
 <% end %>
 
 <%= error_messages_for current_user %>
-<%= form_for current_user, :url => { :action => :account }, :html => { :multipart => true, :id => 'accountForm', :class => 'standard-form', :autocomplete => :off } do |f| %>
+<%= form_for current_user, :url => { :action => :account }, :method => :post, :html => { :multipart => true, :id => 'accountForm', :class => 'standard-form', :autocomplete => :off } do |f| %>
   <fieldset>
     <div class="form-row">
       <label class="standard-label"><%= t 'user.new.display name' %></label>
diff --git a/test/controllers/user_controller_test.rb b/test/controllers/user_controller_test.rb
index 4dcb1108a..1404fc795 100644
--- a/test/controllers/user_controller_test.rb
+++ b/test/controllers/user_controller_test.rb
@@ -784,6 +784,7 @@ class UserControllerTest < ActionController::TestCase
     assert_template :account
     assert_select "form#accountForm" do |form|
       assert_equal "post", form.attr("method").to_s
+      assert_select "input[name='_method']", false
       assert_equal "/user/#{URI.encode(user.display_name)}/account", form.attr("action").to_s
     end
 
-- 
2.43.2