Point 1: It's *only* actions which inherit from FilterAction that aren't checking the method. Everything else does. The code for filters just happens to be special-cased for various reasons. That doesn't excuse that code path not checking the action method, though.
Point 2: While search ought to be a GET request, for the sake of enforcing the method checking, it should be marked as a POST with a TODO to figure out how to fix that issue in the long run.
Point 1: It's *only* actions which inherit from FilterAction that aren't checking the method. Everything else does. The code for filters just happens to be special-cased for various reasons. That doesn't excuse that code path not checking the action method, though.
Point 2: While search ought to be a GET request, for the sake of enforcing the method checking, it should be marked as a POST with a TODO to figure out how to fix that issue in the long run.