
Explicitly render a 404 on non-JS requests to messages#quote (#39999).

Patch by Holger Just (@hjust).

git-svn-id: https://svn.redmine.org/redmine/trunk@22584 e93f8b46-1217-0410-a6f0-8f06a7374b81
Marius Balteanu 2024-01-03 01:19:25 +00:00
parent 73477b41eb
commit fe9fd97f6d
2 changed files with 18 additions and 0 deletions


@ -125,6 +125,11 @@ class MessagesController < ApplicationController
@content = +"#{ll(Setting.default_language, :text_user_wrote_in, {:value => @message.author, :link => "message##{@message.id}"})}\n> "
end
@content << @message.content.to_s.strip.gsub(%r{<pre>(.*?)</pre>}m, '[...]').gsub(/(\r?\n|\r\n?)/, "\n> ") + "\n\n"
respond_to do |format|
format.html { render_404 }
format.js
end
end
def preview
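Review bot: The added `respond_to` block rejects only HTML, while the commit title promises a 404 for every non-JS request; any other requested format matches neither `format.html` nor `format.js` and is left to Rails' unknown-format handling instead of `render_404`. If the stricter behaviour is intended, a catch-all after the JS branch, `format.any { render_404 }`, would make the code match the title; this assumes `render_404` can answer non-HTML formats, which is not visible here. The quoted `@content` is also built in full before the format is checked, so rejected requests still pay for the string work. A short comment above the block, such as `# quote is only served as JS; other formats get a 404`, would record the intent. The action's body starts outside this hunk, and the added test in the second file pins only the default HTML case.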


@ -311,6 +311,19 @@ class MessagesControllerTest < Redmine::ControllerTest
assert_include '> An other reply', response.body
end
def test_quote_as_html_should_respond_with_404
@request.session[:user_id] = 2
get(
:quote,
:params => {
:board_id => 1,
:id => 3
},
)
assert_response 404
end
def test_preview_new
@request.session[:user_id] = 2
post(