jro_apps/redmine Commit - r4428:84dd413f22b9

Restore rev param validation that was removed in r2840....

Jean-Philippe Lang -

r4428:84dd413f22b9

parent child

Context file:

r4428:84dd413f22b9

app/controllers/repositories_controller.rb +10 -1

                 end
               end
-            private
+              private
+              REV_PARAM_RE = %r{^[a-f0-9]*$}i
               def find_repository
                 @project = Project.find(params[:id])
                 @repository = @project.repository
                 @path ||= ''
                 @rev = params[:rev].blank? ? @repository.default_branch : params[:rev].strip
                 @rev_to = params[:rev_to]
+                unless @rev.to_s.match(REV_PARAM_RE) && @rev.to_s.match(REV_PARAM_RE)
+                  if @repository.branches.blank?
+                    raise InvalidRevisionParam
+                  end
+                end
               rescue ActiveRecord::RecordNotFound
                 render_404
               rescue InvalidRevisionParam

test/functional/repositories_subversion_controller_test.rb +6 0

                                         }
                 end
+                def test_invalid_revision
+                  get :revision, :id => 1, :rev => 'something_weird'
+                  assert_response 500
+                  assert_error_tag :content => /was not found/
+                end
                 def test_revision_with_repository_pointing_to_a_subdirectory
                   r = Project.find(1).repository
                   # Changes repository url to a subdirectory

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages