Check that wiki page exists before processing (#2360).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2145 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Jean-Philippe Lang
parent
4ec5b1600a
commit
ede011243b
|
|
@ -19,6 +19,7 @@ require 'diff'
|
|||
|
||||
class WikiController < ApplicationController
|
||||
before_filter :find_wiki, :authorize
|
||||
before_filter :find_existing_page, :only => [:rename, :protect, :history, :diff, :annotate, :add_attachment, :destroy]
|
||||
|
||||
verify :method => :post, :only => [:destroy, :protect], :redirect_to => { :action => :index }
|
||||
|
||||
|
|
@ -91,8 +92,7 @@ class WikiController < ApplicationController
|
|||
|
||||
# rename a page
|
||||
def rename
|
||||
@page = @wiki.find_page(params[:page])
|
||||
return render_403 unless editable?
|
||||
return render_403 unless editable?
|
||||
@page.redirect_existing_links = true
|
||||
# used to display the *original* title if some AR validation errors occur
|
||||
@original_title = @page.pretty_title
|
||||
|
|
@ -103,15 +103,12 @@ class WikiController < ApplicationController
|
|||
end
|
||||
|
||||
def protect
|
||||
page = @wiki.find_page(params[:page])
|
||||
page.update_attribute :protected, params[:protected]
|
||||
redirect_to :action => 'index', :id => @project, :page => page.title
|
||||
@page.update_attribute :protected, params[:protected]
|
||||
redirect_to :action => 'index', :id => @project, :page => @page.title
|
||||
end
|
||||
|
||||
# show page history
|
||||
def history
|
||||
@page = @wiki.find_page(params[:page])
|
||||
|
||||
@version_count = @page.content.versions.count
|
||||
@version_pages = Paginator.new self, @version_count, per_page_option, params['p']
|
||||
# don't load text
|
||||
|
|
@ -125,21 +122,19 @@ class WikiController < ApplicationController
|
|||
end
|
||||
|
||||
def diff
|
||||
@page = @wiki.find_page(params[:page])
|
||||
@diff = @page.diff(params[:version], params[:version_from])
|
||||
render_404 unless @diff
|
||||
end
|
||||
|
||||
def annotate
|
||||
@page = @wiki.find_page(params[:page])
|
||||
@annotate = @page.annotate(params[:version])
|
||||
render_404 unless @annotate
|
||||
end
|
||||
|
||||
# remove a wiki page and its history
|
||||
def destroy
|
||||
@page = @wiki.find_page(params[:page])
|
||||
return render_403 unless editable?
|
||||
@page.destroy if @page
|
||||
return render_403 unless editable?
|
||||
@page.destroy
|
||||
redirect_to :action => 'special', :id => @project, :page => 'Page_index'
|
||||
end
|
||||
|
||||
|
|
@ -181,7 +176,6 @@ class WikiController < ApplicationController
|
|||
end
|
||||
|
||||
def add_attachment
|
||||
@page = @wiki.find_page(params[:page])
|
||||
return render_403 unless editable?
|
||||
attach_files(@page, params[:attachments])
|
||||
redirect_to :action => 'index', :page => @page.title
|
||||
|
|
@ -197,6 +191,12 @@ private
|
|||
render_404
|
||||
end
|
||||
|
||||
# Finds the requested page and returns a 404 error if it doesn't exist
|
||||
def find_existing_page
|
||||
@page = @wiki.find_page(params[:page])
|
||||
render_404 if @page.nil?
|
||||
end
|
||||
|
||||
# Returns true if the current user is allowed to edit the page, otherwise false
|
||||
def editable?(page = @page)
|
||||
page.editable_by?(User.current)
|
||||
|
|
|
|||
|
|
@ -251,4 +251,9 @@ class WikiControllerTest < Test::Unit::TestCase
|
|||
assert_response :success
|
||||
assert_template 'edit'
|
||||
end
|
||||
|
||||
def test_history_of_non_existing_page_should_return_404
|
||||
get :history, :id => 1, :page => 'Unknown_page'
|
||||
assert_response 404
|
||||
end
|
||||
end
|
||||
|
|
|
|||
Loading…
Reference in New Issue