diff --git a/app/controllers/issue_relations_controller.rb b/app/controllers/issue_relations_controller.rb index 8a41c383..9ce35858 100644 --- a/app/controllers/issue_relations_controller.rb +++ b/app/controllers/issue_relations_controller.rb @@ -21,8 +21,8 @@ class IssueRelationsController < ApplicationController def new @relation = IssueRelation.new(params[:relation]) @relation.issue_from = @issue - if params[:relation] && !params[:relation][:issue_to_id].blank? - @relation.issue_to = Issue.visible.find_by_id(params[:relation][:issue_to_id]) + if params[:relation] && m = params[:relation][:issue_to_id].to_s.match(/^#?(\d+)$/) + @relation.issue_to = Issue.visible.find_by_id(m[1].to_i) end @relation.save if request.post? respond_to do |format| diff --git a/test/functional/issue_relations_controller_test.rb b/test/functional/issue_relations_controller_test.rb index cd7af4eb..e8834f1b 100644 --- a/test/functional/issue_relations_controller_test.rb +++ b/test/functional/issue_relations_controller_test.rb @@ -40,6 +40,24 @@ class IssueRelationsControllerTest < ActionController::TestCase end end + def test_new_should_accept_id_with_hash + assert_difference 'IssueRelation.count' do + @request.session[:user_id] = 3 + post :new, :issue_id => 1, + :relation => {:issue_to_id => '#2', :relation_type => 'relates', :delay => ''} + end + end + + def test_new_should_not_break_with_non_numerical_id + assert_no_difference 'IssueRelation.count' do + assert_nothing_raised do + @request.session[:user_id] = 3 + post :new, :issue_id => 1, + :relation => {:issue_to_id => 'foo', :relation_type => 'relates', :delay => ''} + end + end + end + def test_should_create_relations_with_visible_issues_only Setting.cross_project_issue_relations = '1' assert_nil Issue.visible(User.find(3)).find_by_id(4)