Respond with 404 when params[:ids] is missing (#12898).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@11226 e93f8b46-1217-0410-a6f0-8f06a7374b81

app/controllers/context_menus_controller.rb

@@ -21,6 +21,7 @@ class ContextMenusController < ApplicationController
 
   def issues
     @issues = Issue.visible.all(:conditions => {:id => params[:ids]}, :include => :project)
+    (render_404; return) unless @issues.present?
     if (@issues.size == 1)
       @issue = @issues.first
     end
@@ -74,6 +75,8 @@ class ContextMenusController < ApplicationController
   def time_entries
     @time_entries = TimeEntry.all(
        :conditions => {:id => params[:ids]}, :include => :project)
+    (render_404; return) unless @time_entries.present?
+
     @projects = @time_entries.collect(&:project).compact.uniq
     @project = @projects.first if @projects.size == 1
     @activities = TimeEntryActivity.shared.active

test/functional/context_menus_controller_test.rb

@@ -226,6 +226,11 @@ class ContextMenusControllerTest < ActionController::TestCase
     assert_equal [1], assigns(:issues).collect(&:id)
   end
 
+  def test_should_respond_with_404_without_ids
+    get :issues
+    assert_response 404
+  end
+
   def test_time_entries_context_menu
     @request.session[:user_id] = 2
     get :time_entries, :ids => [1, 2]