[#347] Fix potential Execution After Redirect bugs
Execution After Redirect (EAR) happens when redirect in a controller is triggered but there still is code that is executed in the action. Contributed by Adam Doupé
This commit is contained in:
parent
72cd7f2049
commit
d2973a641e
|
@ -274,6 +274,7 @@ class ApplicationController < ActionController::Base
|
|||
end
|
||||
end
|
||||
redirect_to default
|
||||
false
|
||||
end
|
||||
|
||||
def render_403(options={})
|
||||
|
|
|
@ -38,8 +38,9 @@ class CustomFieldsController < ApplicationController
|
|||
flash[:notice] = l(:notice_successful_create)
|
||||
call_hook(:controller_custom_fields_new_after_save, :params => params, :custom_field => @custom_field)
|
||||
redirect_to :action => 'index', :tab => @custom_field.class.name
|
||||
else
|
||||
@trackers = Tracker.find(:all, :order => 'position')
|
||||
end
|
||||
@trackers = Tracker.find(:all, :order => 'position')
|
||||
end
|
||||
|
||||
def edit
|
||||
|
@ -48,8 +49,9 @@ class CustomFieldsController < ApplicationController
|
|||
flash[:notice] = l(:notice_successful_update)
|
||||
call_hook(:controller_custom_fields_edit_after_save, :params => params, :custom_field => @custom_field)
|
||||
redirect_to :action => 'index', :tab => @custom_field.class.name
|
||||
else
|
||||
@trackers = Tracker.find(:all, :order => 'position')
|
||||
end
|
||||
@trackers = Tracker.find(:all, :order => 'position')
|
||||
end
|
||||
|
||||
def destroy
|
||||
|
|
|
@ -75,10 +75,12 @@ class EnumerationsController < ApplicationController
|
|||
# No associated objects
|
||||
@enumeration.destroy
|
||||
redirect_to :action => 'index'
|
||||
return
|
||||
elsif params[:reassign_to_id]
|
||||
if reassign_to = @enumeration.class.find_by_id(params[:reassign_to_id])
|
||||
@enumeration.destroy(reassign_to)
|
||||
redirect_to :action => 'index'
|
||||
return
|
||||
end
|
||||
end
|
||||
@enumerations = @enumeration.class.find(:all) - [@enumeration]
|
||||
|
|
|
@ -65,10 +65,12 @@ class IssueCategoriesController < ApplicationController
|
|||
# No issue assigned to this category
|
||||
@category.destroy
|
||||
redirect_to :controller => 'projects', :action => 'settings', :id => @project, :tab => 'categories'
|
||||
return
|
||||
elsif params[:todo]
|
||||
reassign_to = @project.issue_categories.find_by_id(params[:reassign_to_id]) if params[:todo] == 'reassign'
|
||||
@category.destroy(reassign_to)
|
||||
redirect_to :controller => 'projects', :action => 'settings', :id => @project, :tab => 'categories'
|
||||
return
|
||||
end
|
||||
@categories = @project.issue_categories - [@category]
|
||||
end
|
||||
|
|
|
@ -38,9 +38,10 @@ class RolesController < ApplicationController
|
|||
end
|
||||
flash[:notice] = l(:notice_successful_create)
|
||||
redirect_to :action => 'index'
|
||||
else
|
||||
@permissions = @role.setable_permissions
|
||||
@roles = Role.find :all, :order => 'builtin, position'
|
||||
end
|
||||
@permissions = @role.setable_permissions
|
||||
@roles = Role.find :all, :order => 'builtin, position'
|
||||
end
|
||||
|
||||
def edit
|
||||
|
@ -48,8 +49,9 @@ class RolesController < ApplicationController
|
|||
if request.post? and @role.update_attributes(params[:role])
|
||||
flash[:notice] = l(:notice_successful_update)
|
||||
redirect_to :action => 'index'
|
||||
else
|
||||
@permissions = @role.setable_permissions
|
||||
end
|
||||
@permissions = @role.setable_permissions
|
||||
end
|
||||
|
||||
def destroy
|
||||
|
|
|
@ -36,16 +36,16 @@ class SettingsController < ApplicationController
|
|||
end
|
||||
flash[:notice] = l(:notice_successful_update)
|
||||
redirect_to :action => 'edit', :tab => params[:tab]
|
||||
return
|
||||
end
|
||||
@options = {}
|
||||
@options[:user_format] = User::USER_FORMATS.keys.collect {|f| [User.current.name(f), f.to_s] }
|
||||
@deliveries = ActionMailer::Base.perform_deliveries
|
||||
else
|
||||
@options = {}
|
||||
@options[:user_format] = User::USER_FORMATS.keys.collect {|f| [User.current.name(f), f.to_s] }
|
||||
@deliveries = ActionMailer::Base.perform_deliveries
|
||||
|
||||
@guessed_host_and_path = request.host_with_port.dup
|
||||
@guessed_host_and_path << ('/'+ Redmine::Utils.relative_url_root.gsub(%r{^\/}, '')) unless Redmine::Utils.relative_url_root.blank?
|
||||
@guessed_host_and_path = request.host_with_port.dup
|
||||
@guessed_host_and_path << ('/'+ Redmine::Utils.relative_url_root.gsub(%r{^\/}, '')) unless Redmine::Utils.relative_url_root.blank?
|
||||
|
||||
Redmine::Themes.rescan
|
||||
Redmine::Themes.rescan
|
||||
end
|
||||
end
|
||||
|
||||
def plugin
|
||||
|
@ -54,9 +54,10 @@ class SettingsController < ApplicationController
|
|||
Setting["plugin_#{@plugin.id}"] = params[:settings]
|
||||
flash[:notice] = l(:notice_successful_update)
|
||||
redirect_to :action => 'plugin', :id => @plugin.id
|
||||
else
|
||||
@partial = @plugin.settings[:partial]
|
||||
@settings = Setting["plugin_#{@plugin.id}"]
|
||||
end
|
||||
@partial = @plugin.settings[:partial]
|
||||
@settings = Setting["plugin_#{@plugin.id}"]
|
||||
rescue Redmine::PluginNotFound
|
||||
render_404
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue