Check that wiki page exists before processing (#2360).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2145 e93f8b46-1217-0410-a6f0-8f06a7374b81

app/controllers/wiki_controller.rb

@@ -19,6 +19,7 @@ require 'diff'
 
 class WikiController < ApplicationController
   before_filter :find_wiki, :authorize
+  before_filter :find_existing_page, :only => [:rename, :protect, :history, :diff, :annotate, :add_attachment, :destroy]
   
   verify :method => :post, :only => [:destroy, :protect], :redirect_to => { :action => :index }
 
@@ -91,7 +92,6 @@ class WikiController < ApplicationController
   
   # rename a page
   def rename
-    @page = @wiki.find_page(params[:page])
     return render_403 unless editable?
     @page.redirect_existing_links = true
     # used to display the *original* title if some AR validation errors occur
@@ -103,15 +103,12 @@ class WikiController < ApplicationController
   end
   
   def protect
-    page = @wiki.find_page(params[:page])
+    @page.update_attribute :protected, params[:protected]
-    page.update_attribute :protected, params[:protected]
+    redirect_to :action => 'index', :id => @project, :page => @page.title
-    redirect_to :action => 'index', :id => @project, :page => page.title
   end
 
   # show page history
   def history
-    @page = @wiki.find_page(params[:page])
-    
     @version_count = @page.content.versions.count
     @version_pages = Paginator.new self, @version_count, per_page_option, params['p']
     # don't load text    
@@ -125,21 +122,19 @@ class WikiController < ApplicationController
   end
   
   def diff
-    @page = @wiki.find_page(params[:page])
     @diff = @page.diff(params[:version], params[:version_from])
     render_404 unless @diff
   end
   
   def annotate
-    @page = @wiki.find_page(params[:page])
     @annotate = @page.annotate(params[:version])
+    render_404 unless @annotate
   end
   
   # remove a wiki page and its history
   def destroy
-    @page = @wiki.find_page(params[:page])
     return render_403 unless editable?
-    @page.destroy if @page
+    @page.destroy
     redirect_to :action => 'special', :id => @project, :page => 'Page_index'
   end
 
@@ -181,7 +176,6 @@ class WikiController < ApplicationController
   end
 
   def add_attachment
-    @page = @wiki.find_page(params[:page])
     return render_403 unless editable?
     attach_files(@page, params[:attachments])
     redirect_to :action => 'index', :page => @page.title
@@ -197,6 +191,12 @@ private
     render_404
   end
   
+  # Finds the requested page and returns a 404 error if it doesn't exist
+  def find_existing_page
+    @page = @wiki.find_page(params[:page])
+    render_404 if @page.nil?
+  end
+  
   # Returns true if the current user is allowed to edit the page, otherwise false
   def editable?(page = @page)
     page.editable_by?(User.current)

test/functional/wiki_controller_test.rb

@@ -251,4 +251,9 @@ class WikiControllerTest < Test::Unit::TestCase
     assert_response :success
     assert_template 'edit'    
   end
+  
+  def test_history_of_non_existing_page_should_return_404
+    get :history, :id => 1, :page => 'Unknown_page'
+    assert_response 404
+  end
 end