meineerde/redmine
1
0
Fork 0
mirror of https://github.com/meineerde/redmine.git synced 2026-02-01 03:57:15 +00:00
Code Issues Releases Wiki Activity

Fixes the request method filtering in sudo mode (#42194),

Browse Source 
Patch by Holger Just (user:hjust),


git-svn-id: https://svn.redmine.org/redmine/trunk@23520 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Marius Balteanu 2025-03-06 21:45:46 +00:00
parent 40b6dce2de
commit 4fd86cc7c1
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/redmine/sudo_mode.rb
View File

@ -153,7 +153,7 @@ module Redmine
# Before Filter which is used by the require_sudo_mode class method.
class SudoRequestFilter < Struct.new(:parameters, :request_methods)
def before(controller)
method_matches = request_methods.blank? || request_methods.include?(controller.request.method_symbol)
method_matches = request_methods.blank? || request_methods.include?(controller.request.request_method_symbol)
if controller.api_request?
true
elsif SudoMode.possible? && method_matches

2
test/integration/sudo_mode_test.rb
View File

@ -190,7 +190,7 @@ class SudoModeTest < Redmine::IntegrationTest
expire_sudo_mode!
get '/my/account'
assert_response :success
put('/my/account', :params => {:user => {:mail => 'newmail@test.com'}})
post('/my/account', :params => {:_method => 'put', :user => {:mail => 'newmail@test.com'}})
assert_response :success
assert_select 'h2', 'Confirm your password to continue'
assert_select 'form[action="/my/account"]'