Shared publicly  - 
Beware of "match" when using Rails and $_REQUEST in PHP. Use separate actions for GET and requests that change state. It may be possible to bypass built-in security mechanisms, such as CSRF filters, by sending GET requests where the developer expected POST or other state changing request.
Add a comment...