From d1244b31a4c2c6f8a5625f92506f7e281fb1cc00 2013-02-20 20:59:52
From: Jean-Philippe Lang <jp_lang@yahoo.fr>
Date: 2013-02-20 20:59:52
Subject: [PATCH] Fixed that requesting a message from an invalid forum should respond with 404 (#13232).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@11446 e93f8b46-1217-0410-a6f0-8f06a7374b81

---

diff --git a/app/controllers/messages_controller.rb b/app/controllers/messages_controller.rb
index b29b64e..ad91076 100644
--- a/app/controllers/messages_controller.rb
+++ b/app/controllers/messages_controller.rb
@@ -125,7 +125,7 @@ class MessagesController < ApplicationController
 
 private
   def find_message
-    find_board
+    return unless find_board
     @message = @board.messages.find(params[:id], :include => :parent)
     @topic = @message.root
   rescue ActiveRecord::RecordNotFound
@@ -137,5 +137,6 @@ private
     @project = @board.project
   rescue ActiveRecord::RecordNotFound
     render_404
+    nil
   end
 end
diff --git a/test/functional/messages_controller_test.rb b/test/functional/messages_controller_test.rb
index cf5eef5..a4dee17 100644
--- a/test/functional/messages_controller_test.rb
+++ b/test/functional/messages_controller_test.rb
@@ -74,6 +74,11 @@ class MessagesControllerTest < ActionController::TestCase
     assert_response 404
   end
 
+  def test_show_message_from_invalid_board_should_respond_with_404
+    get :show, :board_id => 999, :id => 1
+    assert_response 404
+  end
+
   def test_get_new
     @request.session[:user_id] = 2
     get :new, :board_id => 1