Fix 500 errors with a POST request that requires a login. #4216

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3050 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-11-14 19:41:02 +00:00 · 2009-11-14 19:41:02 +00:00 · 93bf1df5d4
parent b2e4d8ad3f
commit 93bf1df5d4
2 changed files with 13 additions and 1 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -93,7 +93,13 @@ class ApplicationController < ActionController::Base
  
  def require_login
    if !User.current.logged?
-      redirect_to :controller => "account", :action => "login", :back_url => url_for(params)
+      # Extract only the basic url parameters on non-GET requests
+      if request.get?
+        url = url_for(params)
+      else
+        url = url_for(:controller => params[:controller], :action => params[:action], :id => params[:id], :project_id => params[:project_id])
+      end
+      redirect_to :controller => "account", :action => "login", :back_url => url
      return false
    end
    true
--- a/test/integration/admin_test.rb
+++ b/test/integration/admin_test.rb
@ -40,4 +40,10 @@ class AdminTest < ActionController::IntegrationTest
    locked_user = User.try_to_login("psmith", "psmith09")
    assert_equal nil, locked_user
  end
+
+  test "Add a user as an anonymous user should fail" do
+    post '/users/add', :user => { :login => 'psmith', :firstname => 'Paul'}, :password => "psmith09", :password_confirmation => "psmith09"
+    assert_response :redirect
+    assert_redirected_to "/login?back_url=http%3A%2F%2Fwww.example.com%2Fusers%2Fnew"
+  end
 end