diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb
index 5da0aa283..c0d791e4b 100644
--- a/app/controllers/issues_controller.rb
+++ b/app/controllers/issues_controller.rb
@@ -217,7 +217,7 @@ class IssuesController < ApplicationController
end
call_hook(:controller_issues_edit_after_save, { :params => params, :issue => @issue, :time_entry => @time_entry, :journal => journal})
respond_to do |format|
- format.html { redirect_to(params[:back_to] || {:action => 'show', :id => @issue}) }
+ format.html { redirect_back_or_default({:action => 'show', :id => @issue}) }
format.xml { head :ok }
end
return
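Review bot: The redirect now delegates validation of the user-supplied `:back_url` to `redirect_back_or_default`, whose implementation is not in this diff, so the open-redirect protection rests entirely on that helper rejecting targets off the request host; the added functional tests exercise only an absolute `http://` URL, so it is worth confirming the helper also handles scheme-relative (`//host/path`) and non-http scheme values. The bulk_edit hunk (@@ -293) makes the same change and inherits the same dependency. Note that the parameter name changes from `:back_to` to `:back_url` and the controller no longer reads `params[:back_to]`, so any view or plugin still emitting `:back_to` silently falls back to the default redirect rather than failing loudly. A short comment at the call site would help the next reader: `# back_url comes from the request; redirect_back_or_default must reject off-host targets`. The enclosing `edit` action starts and ends outside the hunk.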
@@ -293,7 +293,7 @@ class IssuesController < ApplicationController
:total => @issues.size,
:ids => '#' + unsaved_issue_ids.join(', #'))
end
- redirect_to(params[:back_to] || {:controller => 'issues', :action => 'index', :project_id => @project})
+ redirect_back_or_default({:controller => 'issues', :action => 'index', :project_id => @project})
return
end
@available_statuses = Workflow.available_statuses(@project)
diff --git a/app/views/issues/context_menu.rhtml b/app/views/issues/context_menu.rhtml
index 4a1d0c310..aff836c00 100644
--- a/app/views/issues/context_menu.rhtml
+++ b/app/views/issues/context_menu.rhtml
@@ -8,7 +8,7 @@
<% @statuses.each do |s| -%>
- - <%= context_menu_link s.name, {:controller => 'issues', :action => 'edit', :id => @issue, :issue => {:status_id => s}, :back_to => @back}, :method => :post,
+
- <%= context_menu_link s.name, {:controller => 'issues', :action => 'edit', :id => @issue, :issue => {:status_id => s}, :back_url => @back}, :method => :post,
:selected => (s == @issue.status), :disabled => !(@can[:update] && @allowed_statuses.include?(s)) %>
<% end -%>
@@ -23,7 +23,7 @@
<% @trackers.each do |t| -%>
- - <%= context_menu_link t.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'tracker_id' => t, :back_to => @back}, :method => :post,
+
- <%= context_menu_link t.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'tracker_id' => t, :back_url => @back}, :method => :post,
:selected => (@issue && t == @issue.tracker), :disabled => !@can[:edit] %>
<% end -%>
@@ -33,7 +33,7 @@
<% @priorities.each do |p| -%>
- - <%= context_menu_link p.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'priority_id' => p, :back_to => @back}, :method => :post,
+
- <%= context_menu_link p.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'priority_id' => p, :back_url => @back}, :method => :post,
:selected => (@issue && p == @issue.priority), :disabled => !@can[:edit] %>
<% end -%>
@@ -43,10 +43,10 @@
<% @project.shared_versions.open.sort.each do |v| -%>
- - <%= context_menu_link format_version_name(v), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'fixed_version_id' => v, :back_to => @back}, :method => :post,
+
- <%= context_menu_link format_version_name(v), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'fixed_version_id' => v, :back_url => @back}, :method => :post,
:selected => (@issue && v == @issue.fixed_version), :disabled => !@can[:update] %>
<% end -%>
- - <%= context_menu_link l(:label_none), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'fixed_version_id' => 'none', :back_to => @back}, :method => :post,
+
- <%= context_menu_link l(:label_none), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'fixed_version_id' => 'none', :back_url => @back}, :method => :post,
:selected => (@issue && @issue.fixed_version.nil?), :disabled => !@can[:update] %>
@@ -56,10 +56,10 @@
<% @assignables.each do |u| -%>
- - <%= context_menu_link u.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'assigned_to_id' => u, :back_to => @back}, :method => :post,
+
- <%= context_menu_link u.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'assigned_to_id' => u, :back_url => @back}, :method => :post,
:selected => (@issue && u == @issue.assigned_to), :disabled => !@can[:update] %>
<% end -%>
- - <%= context_menu_link l(:label_nobody), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'assigned_to_id' => 'none', :back_to => @back}, :method => :post,
+
- <%= context_menu_link l(:label_nobody), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'assigned_to_id' => 'none', :back_url => @back}, :method => :post,
:selected => (@issue && @issue.assigned_to.nil?), :disabled => !@can[:update] %>
@@ -69,10 +69,10 @@
<% @project.issue_categories.each do |u| -%>
- - <%= context_menu_link u.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'category_id' => u, :back_to => @back}, :method => :post,
+
- <%= context_menu_link u.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'category_id' => u, :back_url => @back}, :method => :post,
:selected => (@issue && u == @issue.category), :disabled => !@can[:update] %>
<% end -%>
- - <%= context_menu_link l(:label_none), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'category_id' => 'none', :back_to => @back}, :method => :post,
+
- <%= context_menu_link l(:label_none), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'category_id' => 'none', :back_url => @back}, :method => :post,
:selected => (@issue && @issue.category.nil?), :disabled => !@can[:update] %>
@@ -82,7 +82,7 @@
<% (0..10).map{|x|x*10}.each do |p| -%>
- - <%= context_menu_link "#{p}%", {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'done_ratio' => p, :back_to => @back}, :method => :post,
+
- <%= context_menu_link "#{p}%", {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'done_ratio' => p, :back_url => @back}, :method => :post,
:selected => (@issue && p == @issue.done_ratio), :disabled => !@can[:edit] %>
<% end -%>
diff --git a/test/functional/issues_controller_test.rb b/test/functional/issues_controller_test.rb
index 2ea91d5e2..78ab04e1b 100644
--- a/test/functional/issues_controller_test.rb
+++ b/test/functional/issues_controller_test.rb
@@ -947,6 +947,36 @@ class IssuesControllerTest < ActionController::TestCase
assert_equal 4, issue.fixed_version_id
assert_not_equal issue.project_id, issue.fixed_version.project_id
end
+
+ def test_post_edit_should_redirect_back_using_the_back_url_parameter
+ issue = Issue.find(2)
+ @request.session[:user_id] = 2
+
+ post :edit,
+ :id => issue.id,
+ :issue => {
+ :fixed_version_id => 4
+ },
+ :back_url => '/issues'
+
+ assert_response :redirect
+ assert_redirected_to '/issues'
+ end
+
+ def test_post_edit_should_not_redirect_back_using_the_back_url_parameter_off_the_host
+ issue = Issue.find(2)
+ @request.session[:user_id] = 2
+
+ post :edit,
+ :id => issue.id,
+ :issue => {
+ :fixed_version_id => 4
+ },
+ :back_url => 'http://google.com'
+
+ assert_response :redirect
+ assert_redirected_to :controller => 'issues', :action => 'show', :id => issue.id
+ end
def test_get_bulk_edit
@request.session[:user_id] = 2
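Review bot: The off-host case in `test_post_edit_should_not_redirect_back_using_the_back_url_parameter_off_the_host` covers only an absolute `http://` URL; a scheme-relative value such as `'//example.com/issues'` is a distinct input path for whatever host check `redirect_back_or_default` performs (its code is not in this diff) and deserves its own assertion, as does a non-http scheme. The fixture also points at a real third-party domain; a reserved name like `'http://example.com'` is the conventional choice so the test never encodes an actual external host. The same applies to the bulk_edit tests added in the @@ -1053 hunk.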
@@ -1053,6 +1083,22 @@ class IssuesControllerTest < ActionController::TestCase
end
end
+ def test_post_bulk_edit_should_redirect_back_using_the_back_url_parameter
+ @request.session[:user_id] = 2
+ post :bulk_edit, :ids => [1,2], :back_url => '/issues'
+
+ assert_response :redirect
+ assert_redirected_to '/issues'
+ end
+
+ def test_post_bulk_edit_should_not_redirect_back_using_the_back_url_parameter_off_the_host
+ @request.session[:user_id] = 2
+ post :bulk_edit, :ids => [1,2], :back_url => 'http://google.com'
+
+ assert_response :redirect
+ assert_redirected_to :controller => 'issues', :action => 'index', :project_id => Project.find(1).identifier
+ end
+
def test_move_routing
assert_routing(
{:method => :get, :path => '/issues/1/move'},