Respond with 404 when params[:ids] is missing (#12898).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@11226 e93f8b46-1217-0410-a6f0-8f06a7374b81
2013-01-20 16:04:25 +00:00 · 2013-01-20 16:04:25 +00:00 · 15f035be51
parent 6e6ce7c085
commit 15f035be51
2 changed files with 8 additions and 0 deletions
--- a/app/controllers/context_menus_controller.rb
+++ b/app/controllers/context_menus_controller.rb
@ -21,6 +21,7 @@ class ContextMenusController < ApplicationController

  def issues
    @issues = Issue.visible.all(:conditions => {:id => params[:ids]}, :include => :project)
+    (render_404; return) unless @issues.present?
    if (@issues.size == 1)
      @issue = @issues.first
    end
@ -74,6 +75,8 @@ class ContextMenusController < ApplicationController
  def time_entries
    @time_entries = TimeEntry.all(
       :conditions => {:id => params[:ids]}, :include => :project)
+    (render_404; return) unless @time_entries.present?
+
    @projects = @time_entries.collect(&:project).compact.uniq
    @project = @projects.first if @projects.size == 1
    @activities = TimeEntryActivity.shared.active
--- a/test/functional/context_menus_controller_test.rb
+++ b/test/functional/context_menus_controller_test.rb
@ -226,6 +226,11 @@ class ContextMenusControllerTest < ActionController::TestCase
    assert_equal [1], assigns(:issues).collect(&:id)
  end

+  def test_should_respond_with_404_without_ids
+    get :issues
+    assert_response 404
+  end
+
  def test_time_entries_context_menu
    @request.session[:user_id] = 2
    get :time_entries, :ids => [1, 2]