From f60881518a7a1b12e0c604d1ae1ba3c0fc99944f 2010-01-14 23:33:48
From: Eric Davis <edavis@littlestreamsoftware.com>
Date: 2010-01-14 23:33:48
Subject: [PATCH] Merged r3315 from trunk.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/branches/0.9-stable@3316 e93f8b46-1217-0410-a6f0-8f06a7374b81

---

diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb
index cd435eb..85789e2 100644
--- a/app/controllers/issues_controller.rb
+++ b/app/controllers/issues_controller.rb
@@ -202,7 +202,7 @@ class IssuesController < ApplicationController
           flash[:notice] = l(:notice_successful_update)
         end
         call_hook(:controller_issues_edit_after_save, { :params => params, :issue => @issue, :time_entry => @time_entry, :journal => journal})
-        redirect_to(params[:back_to] || {:action => 'show', :id => @issue})
+        redirect_back_or_default({:action => 'show', :id => @issue})
       end
     end
   rescue ActiveRecord::StaleObjectError
@@ -269,7 +269,7 @@ class IssuesController < ApplicationController
                                                          :total => @issues.size,
                                                          :ids => '#' + unsaved_issue_ids.join(', #'))
       end
-      redirect_to(params[:back_to] || {:controller => 'issues', :action => 'index', :project_id => @project})
+      redirect_back_or_default({:controller => 'issues', :action => 'index', :project_id => @project})
       return
     end
     @available_statuses = Workflow.available_statuses(@project)
diff --git a/app/views/issues/context_menu.rhtml b/app/views/issues/context_menu.rhtml
index 4a1d0c3..aff836c 100644
--- a/app/views/issues/context_menu.rhtml
+++ b/app/views/issues/context_menu.rhtml
@@ -8,7 +8,7 @@
 		<a href="#" class="submenu" onclick="return false;"><%= l(:field_status) %></a>
 		<ul>
 		<% @statuses.each do |s| -%>
-		    <li><%= context_menu_link s.name, {:controller => 'issues', :action => 'edit', :id => @issue, :issue => {:status_id => s}, :back_to => @back}, :method => :post,
+		    <li><%= context_menu_link s.name, {:controller => 'issues', :action => 'edit', :id => @issue, :issue => {:status_id => s}, :back_url => @back}, :method => :post,
 		                              :selected => (s == @issue.status), :disabled => !(@can[:update] && @allowed_statuses.include?(s)) %></li>
 		<% end -%>
 		</ul>
@@ -23,7 +23,7 @@
 		<a href="#" class="submenu"><%= l(:field_tracker) %></a>
 		<ul>
 		<% @trackers.each do |t| -%>
-		    <li><%= context_menu_link t.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'tracker_id' => t, :back_to => @back}, :method => :post,
+		    <li><%= context_menu_link t.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'tracker_id' => t, :back_url => @back}, :method => :post,
 		                              :selected => (@issue && t == @issue.tracker), :disabled => !@can[:edit] %></li>
 		<% end -%>
 		</ul>
@@ -33,7 +33,7 @@
 		<a href="#" class="submenu"><%= l(:field_priority) %></a>
 		<ul>
 		<% @priorities.each do |p| -%>
-		    <li><%= context_menu_link p.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'priority_id' => p, :back_to => @back}, :method => :post,
+		    <li><%= context_menu_link p.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'priority_id' => p, :back_url => @back}, :method => :post,
 		                              :selected => (@issue && p == @issue.priority), :disabled => !@can[:edit] %></li>
 		<% end -%>
 		</ul>
@@ -43,10 +43,10 @@
 		<a href="#" class="submenu"><%= l(:field_fixed_version) %></a>
 		<ul>
 		<% @project.shared_versions.open.sort.each do |v| -%>
-		    <li><%= context_menu_link format_version_name(v), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'fixed_version_id' => v, :back_to => @back}, :method => :post,
+		    <li><%= context_menu_link format_version_name(v), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'fixed_version_id' => v, :back_url => @back}, :method => :post,
 		                              :selected => (@issue && v == @issue.fixed_version), :disabled => !@can[:update] %></li>
 		<% end -%>
-		    <li><%= context_menu_link l(:label_none), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'fixed_version_id' => 'none', :back_to => @back}, :method => :post,
+		    <li><%= context_menu_link l(:label_none), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'fixed_version_id' => 'none', :back_url => @back}, :method => :post,
 		                              :selected => (@issue && @issue.fixed_version.nil?), :disabled => !@can[:update] %></li>
 		</ul>
 	</li>
@@ -56,10 +56,10 @@
 		<a href="#" class="submenu"><%= l(:field_assigned_to) %></a>
 		<ul>
 		<% @assignables.each do |u| -%>
-		    <li><%= context_menu_link u.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'assigned_to_id' => u, :back_to => @back}, :method => :post,
+		    <li><%= context_menu_link u.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'assigned_to_id' => u, :back_url => @back}, :method => :post,
 		                              :selected => (@issue && u == @issue.assigned_to), :disabled => !@can[:update] %></li>
 		<% end -%>
-		    <li><%= context_menu_link l(:label_nobody), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'assigned_to_id' => 'none', :back_to => @back}, :method => :post,
+		    <li><%= context_menu_link l(:label_nobody), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'assigned_to_id' => 'none', :back_url => @back}, :method => :post,
 		                              :selected => (@issue && @issue.assigned_to.nil?), :disabled => !@can[:update] %></li>
 		</ul>
 	</li>
@@ -69,10 +69,10 @@
 		<a href="#" class="submenu"><%= l(:field_category) %></a>
 		<ul>
 		<% @project.issue_categories.each do |u| -%>
-		    <li><%= context_menu_link u.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'category_id' => u, :back_to => @back}, :method => :post,
+		    <li><%= context_menu_link u.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'category_id' => u, :back_url => @back}, :method => :post,
 		                              :selected => (@issue && u == @issue.category), :disabled => !@can[:update] %></li>
 		<% end -%>
-		    <li><%= context_menu_link l(:label_none), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'category_id' => 'none', :back_to => @back}, :method => :post,
+		    <li><%= context_menu_link l(:label_none), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'category_id' => 'none', :back_url => @back}, :method => :post,
 		                              :selected => (@issue && @issue.category.nil?), :disabled => !@can[:update] %></li>
 		</ul>
 	</li>
@@ -82,7 +82,7 @@
 		<a href="#" class="submenu"><%= l(:field_done_ratio) %></a>
 		<ul>
 		<% (0..10).map{|x|x*10}.each do |p| -%>
-		    <li><%= context_menu_link "#{p}%", {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'done_ratio' => p, :back_to => @back}, :method => :post,
+		    <li><%= context_menu_link "#{p}%", {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'done_ratio' => p, :back_url => @back}, :method => :post,
 		                                  :selected => (@issue && p == @issue.done_ratio), :disabled => !@can[:edit] %></li>
 		<% end -%>
 		</ul>
diff --git a/test/functional/issues_controller_test.rb b/test/functional/issues_controller_test.rb
index 4b806de..8a0c4e8 100644
--- a/test/functional/issues_controller_test.rb
+++ b/test/functional/issues_controller_test.rb
@@ -940,6 +940,36 @@ class IssuesControllerTest < ActionController::TestCase
     assert_equal 4, issue.fixed_version_id
     assert_not_equal issue.project_id, issue.fixed_version.project_id
   end
+
+  def test_post_edit_should_redirect_back_using_the_back_url_parameter
+    issue = Issue.find(2)
+    @request.session[:user_id] = 2
+
+    post :edit,
+         :id => issue.id,
+         :issue => {
+           :fixed_version_id => 4
+         },
+         :back_url => '/issues'
+
+    assert_response :redirect
+    assert_redirected_to '/issues'
+  end
+  
+  def test_post_edit_should_not_redirect_back_using_the_back_url_parameter_off_the_host
+    issue = Issue.find(2)
+    @request.session[:user_id] = 2
+
+    post :edit,
+         :id => issue.id,
+         :issue => {
+           :fixed_version_id => 4
+         },
+         :back_url => 'http://google.com'
+
+    assert_response :redirect
+    assert_redirected_to :controller => 'issues', :action => 'show', :id => issue.id
+  end
   
   def test_get_bulk_edit
     @request.session[:user_id] = 2
@@ -1046,6 +1076,22 @@ class IssuesControllerTest < ActionController::TestCase
     end
   end
 
+  def test_post_bulk_edit_should_redirect_back_using_the_back_url_parameter
+    @request.session[:user_id] = 2
+    post :bulk_edit, :ids => [1,2], :back_url => '/issues'
+
+    assert_response :redirect
+    assert_redirected_to '/issues'
+  end
+
+  def test_post_bulk_edit_should_not_redirect_back_using_the_back_url_parameter_off_the_host
+    @request.session[:user_id] = 2
+    post :bulk_edit, :ids => [1,2], :back_url => 'http://google.com'
+
+    assert_response :redirect
+    assert_redirected_to :controller => 'issues', :action => 'index', :project_id => Project.find(1).identifier
+  end
+
   def test_move_routing
     assert_routing(
       {:method => :get, :path => '/issues/1/move'},