kolan
/
Redmine
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Restore rev param validation that was removed in r2840. 

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4542 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Jean-Philippe Lang 2010-12-18 18:37:49 +00:00
parent f7529c94f6
commit 84dd413f22
2 changed files with 16 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
app/controllers/repositories_controller.rb
View File

@ -196,7 +196,10 @@ class RepositoriesController < ApplicationController
end end
end end
private private
REV_PARAM_RE = %r{^[a-f0-9]*$}i
def find_repository def find_repository
@project = Project.find(params[:id]) @project = Project.find(params[:id])
@repository = @project.repository @repository = @project.repository
@ -205,6 +208,12 @@ private
@path ||= '' @path ||= ''
@rev = params[:rev].blank? ? @repository.default_branch : params[:rev].strip @rev = params[:rev].blank? ? @repository.default_branch : params[:rev].strip
@rev_to = params[:rev_to] @rev_to = params[:rev_to]
unless @rev.to_s.match(REV_PARAM_RE) && @rev.to_s.match(REV_PARAM_RE)
if @repository.branches.blank?
raise InvalidRevisionParam
end
end
rescue ActiveRecord::RecordNotFound rescue ActiveRecord::RecordNotFound
render_404 render_404
rescue InvalidRevisionParam rescue InvalidRevisionParam

6
test/functional/repositories_subversion_controller_test.rb
View File

@ -166,6 +166,12 @@ class RepositoriesSubversionControllerTest < ActionController::TestCase
} }
end end
def test_invalid_revision
get :revision, :id => 1, :rev => 'something_weird'
assert_response 500
assert_error_tag :content => /was not found/
end
def test_revision_with_repository_pointing_to_a_subdirectory def test_revision_with_repository_pointing_to_a_subdirectory
r = Project.find(1).repository r = Project.find(1).repository
# Changes repository url to a subdirectory # Changes repository url to a subdirectory