jro_apps/redmine Commit - r15367:650a64cb0020

Creating a wiki page named "Sidebar" without proper permission raises an exception (#23700)....

Jean-Philippe Lang -

r15367:650a64cb0020

parent child

Context file:

r15367:650a64cb0020

app/controllers/wiki_controller.rb +3 -1

               def new
                 @page = WikiPage.new(:wiki => @wiki, :title => params[:title])
-                unless User.current.allowed_to?(:edit_wiki_pages, @project) && editable?
+                unless User.current.allowed_to?(:edit_wiki_pages, @project)
                   render_403
+                  return
                 end
                 if request.post?
+                  @page.title = '' unless editable?
                   @page.validate
                   if @page.errors[:title].blank?
                     path = project_wiki_page_path(@project, @page.title)

test/functional/wiki_controller_test.rb +9 0

@@ -216,6 +216,15 class WikiControllerTest < Redmine::ControllerTest
216	assert_select_error 'Title has already been taken'	216	assert_select_error 'Title has already been taken'
217	end	217	end
218		218
		219	def test_post_new_with_protected_title_should_display_errors
		220	Role.find(1).remove_permission!(:protect_wiki_pages)
		221	@request.session[:user_id] = 2
		222
		223	post :new, :params => {:project_id => 'ecookbook', :title => 'Sidebar'}
		224	assert_response :success
		225	assert_select_error /Title/
		226	end
		227
219	def test_post_new_xhr_with_invalid_title_should_display_errors	228	def test_post_new_xhr_with_invalid_title_should_display_errors
220	@request.session[:user_id] = 2	229	@request.session[:user_id] = 2
221		230

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages