meineerde/redmine
1
0
Fork 0
mirror of https://github.com/meineerde/redmine.git synced 2025-12-19 23:11:12 +00:00
Code Issues Releases Wiki Activity

Creating a wiki page named "Sidebar" without proper permission raises an exception (#23700).

Browse Source 
git-svn-id: http://svn.redmine.org/redmine/trunk@15749 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Jean-Philippe Lang 2016-08-30 19:21:42 +00:00
parent 0925ce756c
commit 650a64cb00
2 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/controllers/wiki_controller.rb
View File

@ -62,10 +62,12 @@ class WikiController < ApplicationController
def new def new
@page = WikiPage.new(:wiki => @wiki, :title => params[:title]) @page = WikiPage.new(:wiki => @wiki, :title => params[:title])
unless User.current.allowed_to?(:edit_wiki_pages, @project) && editable? unless User.current.allowed_to?(:edit_wiki_pages, @project)
render_403 render_403
return
end end
if request.post? if request.post?
@page.title = '' unless editable?
@page.validate @page.validate
if @page.errors[:title].blank? if @page.errors[:title].blank?
path = project_wiki_page_path(@project, @page.title) path = project_wiki_page_path(@project, @page.title)

9
test/functional/wiki_controller_test.rb
View File

@ -216,6 +216,15 @@ class WikiControllerTest < Redmine::ControllerTest
assert_select_error 'Title has already been taken' assert_select_error 'Title has already been taken'
end end
def test_post_new_with_protected_title_should_display_errors
Role.find(1).remove_permission!(:protect_wiki_pages)
@request.session[:user_id] = 2
post :new, :params => {:project_id => 'ecookbook', :title => 'Sidebar'}
assert_response :success
assert_select_error /Title/
end
def test_post_new_xhr_with_invalid_title_should_display_errors def test_post_new_xhr_with_invalid_title_should_display_errors
@request.session[:user_id] = 2 @request.session[:user_id] = 2