diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb
index 6fd4f25..7be137e 100644
--- a/app/controllers/issues_controller.rb
+++ b/app/controllers/issues_controller.rb
@@ -50,7 +50,9 @@ class IssuesController < ApplicationController
   verify :method => [:post, :delete], :only => :destroy, :render => { :nothing => true, :status => :method_not_allowed }
-
+
+  verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
+
   def index
     retrieve_query
     sort_init(@query.sort_criteria.empty? ? [['id', 'desc']] : @query.sort_criteria)
diff --git a/test/functional/issues_controller_test.rb b/test/functional/issues_controller_test.rb
index fd9177a..06f70c0 100644
--- a/test/functional/issues_controller_test.rb
+++ b/test/functional/issues_controller_test.rb
@@ -657,6 +657,20 @@ class IssuesControllerTest < ActionController::TestCase
     assert_select_rjs :show, "update"
   end
 
+  def test_update_using_invalid_http_verbs
+    @request.session[:user_id] = 2
+    subject = 'Updated by an invalid http verb'
+
+    get :update, :id => 1, :issue => {:subject => subject}
+    assert_not_equal subject, Issue.find(1).subject
+
+    post :update, :id => 1, :issue => {:subject => subject}
+    assert_not_equal subject, Issue.find(1).subject
+
+    delete :update, :id => 1, :issue => {:subject => subject}
+    assert_not_equal subject, Issue.find(1).subject
+
   def test_put_update_without_custom_fields_param
     @request.session[:user_id] = 2
     ActionMailer::Base.deliveries.clear
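Review bot: test_update_using_invalid_http_verbs only checks that the subject was left alone; it never asserts the status the new `verify :method => :put` filter in issues_controller.rb is meant to produce, so a 200 from some other guard, a redirect, or an exception swallowed upstream would all pass the same assertions. Adding `assert_response :method_not_allowed` after each of the three requests (get, post, delete) pins the filter's contract rather than a side effect of it. The same applies to the body the filter renders: `assert_equal '', @response.body` (or the equivalent blank-body check) would catch a regression where the action runs but the update happens to fail for unrelated reasons. The controller hunk's trailing context appears truncated in this view, so the lines after `sort_init` were not reviewed.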