From ede011243b0e251fb4dce3f710abc23c6a552004 Mon Sep 17 00:00:00 2001 From: Jean-Philippe Lang Date: Fri, 19 Dec 2008 10:43:06 +0000 Subject: [PATCH] Check that wiki page exists before processing (#2360). git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2145 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- app/controllers/wiki_controller.rb | 26 ++++++++++++------------- test/functional/wiki_controller_test.rb | 5 +++++ 2 files changed, 18 insertions(+), 13 deletions(-) diff --git a/app/controllers/wiki_controller.rb b/app/controllers/wiki_controller.rb index 221f4aa81..2dcc6f971 100644 --- a/app/controllers/wiki_controller.rb +++ b/app/controllers/wiki_controller.rb @@ -19,6 +19,7 @@ require 'diff' class WikiController < ApplicationController before_filter :find_wiki, :authorize + before_filter :find_existing_page, :only => [:rename, :protect, :history, :diff, :annotate, :add_attachment, :destroy] verify :method => :post, :only => [:destroy, :protect], :redirect_to => { :action => :index } @@ -91,8 +92,7 @@ class WikiController < ApplicationController # rename a page def rename - @page = @wiki.find_page(params[:page]) - return render_403 unless editable? + return render_403 unless editable? @page.redirect_existing_links = true # used to display the *original* title if some AR validation errors occur @original_title = @page.pretty_title @@ -103,15 +103,12 @@ class WikiController < ApplicationController end def protect - page = @wiki.find_page(params[:page]) - page.update_attribute :protected, params[:protected] - redirect_to :action => 'index', :id => @project, :page => page.title + @page.update_attribute :protected, params[:protected] + redirect_to :action => 'index', :id => @project, :page => @page.title end # show page history def history - @page = @wiki.find_page(params[:page]) - @version_count = @page.content.versions.count @version_pages = Paginator.new self, @version_count, per_page_option, params['p'] # don't load text 
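Review bot: The `:only` list on the new `before_filter :find_existing_page` in the first hunk is an allow-list, so an action added later that calls methods on `@page` stays unguarded until someone remembers to list it. A comment above the filter would make that contract explicit, for example `# every action that uses @page without a nil check must be listed here`. The filter is declared after `:find_wiki, :authorize` and therefore runs after them. If `authorize` is the permission check its name suggests, that order rejects an unauthorised caller before the response can reveal whether a page title exists, which is worth stating in the same comment. The class body continues outside the hunk.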
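Review bot: In the third hunk, `protect` writes the raw `params[:protected]` with `update_attribute` and redirects without checking the result, and unlike `rename`, `destroy` and `add_attachment` it has no `editable?` guard. Access to it therefore rests entirely on the `:authorize` filter, as far as this diff shows. If that is intended, a one-line comment in the method would record it: `# access is decided by the :authorize filter alone; no editable? check on purpose`. The body of `history` starts in this hunk and continues outside it.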
@@ -125,21 +122,19 @@ class WikiController < ApplicationController end def diff - @page = @wiki.find_page(params[:page]) @diff = @page.diff(params[:version], params[:version_from]) render_404 unless @diff end def annotate - @page = @wiki.find_page(params[:page]) @annotate = @page.annotate(params[:version]) + render_404 unless @annotate end # remove a wiki page and its history def destroy - @page = @wiki.find_page(params[:page]) - return render_403 unless editable? - @page.destroy if @page + return render_403 unless editable? + @page.destroy redirect_to :action => 'special', :id => @project, :page => 'Page_index' end @@ -181,7 +176,6 @@ class WikiController < ApplicationController end def add_attachment - @page = @wiki.find_page(params[:page]) return render_403 unless editable? attach_files(@page, params[:attachments]) redirect_to :action => 'index', :page => @page.title @@ -197,6 +191,12 @@ private render_404 end + # Finds the requested page and returns a 404 error if it doesn't exist + def find_existing_page + @page = @wiki.find_page(params[:page]) + render_404 if @page.nil? + end + # Returns true if the current user is allowed to edit the page, otherwise false def editable?(page = @page) page.editable_by?(User.current) diff --git a/test/functional/wiki_controller_test.rb b/test/functional/wiki_controller_test.rb index b5325357c..5b2574128 100644 --- a/test/functional/wiki_controller_test.rb +++ b/test/functional/wiki_controller_test.rb @@ -251,4 +251,9 @@ class WikiControllerTest < Test::Unit::TestCase assert_response :success assert_template 'edit' end + + def test_history_of_non_existing_page_should_return_404 + get :history, :id => 1, :page => 'Unknown_page' + assert_response 404 + end end
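Review bot: `add_attachment` changes state through `attach_files`, but it is not in the `verify :method => :post, :only => [:destroy, :protect]` list shown in the first hunk, so as far as this diff shows it is not restricted to POST. Unless routing or `attach_files` restricts it elsewhere, extending the list would bring it in line with the other state-changing actions: `verify :method => :post, :only => [:destroy, :protect, :add_attachment], :redirect_to => { :action => :index }`. The end of the method lies outside the hunk.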
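Review bot: The added test exercises only `history`, while the new filter covers seven actions and `annotate` gained its own `render_404 unless @annotate`. The write paths are the ones most worth pinning. A test that posts `destroy` and `protect` with `:page => 'Unknown_page'`, as a user allowed to perform them, and asserts a 404 would catch a later edit that drops an action from the `:only` list. A matching case that requests `annotate` for an existing page with a version that does not exist would cover the other new branch, assuming `annotate` returns nil in that case.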