| @@ -1,45 +1,45 | |||
|
|
1 | 1 | # Redmine - project management software |
|
|
2 | 2 | # Copyright (C) 2006-2015 Jean-Philippe Lang |
|
|
3 | 3 | # |
|
|
4 | 4 | # This program is free software; you can redistribute it and/or |
|
|
5 | 5 | # modify it under the terms of the GNU General Public License |
|
|
6 | 6 | # as published by the Free Software Foundation; either version 2 |
|
|
7 | 7 | # of the License, or (at your option) any later version. |
|
|
8 | 8 | # |
|
|
9 | 9 | # This program is distributed in the hope that it will be useful, |
|
|
10 | 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
|
11 | 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
|
12 | 12 | # GNU General Public License for more details. |
|
|
13 | 13 | # |
|
|
14 | 14 | # You should have received a copy of the GNU General Public License |
|
|
15 | 15 | # along with this program; if not, write to the Free Software |
|
|
16 | 16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
|
17 | 17 | |
|
|
18 | 18 | require 'redmine/views/builders/structure' |
|
|
19 | 19 | |
|
|
20 | 20 | module Redmine |
|
|
21 | 21 | module Views |
|
|
22 | 22 | module Builders |
|
|
23 | 23 | class Json < Structure |
|
|
24 | 24 | attr_accessor :jsonp |
|
|
25 | 25 | |
|
|
26 | 26 | def initialize(request, response) |
|
|
27 | 27 | super |
|
|
28 | 28 | callback = request.params[:callback] || request.params[:jsonp] |
|
|
29 | 29 | if callback && Setting.jsonp_enabled? |
|
|
30 | self.jsonp = callback.to_s.gsub(/[^a-zA-Z0-9_]/, '') | |
|
|
30 | self.jsonp = callback.to_s.gsub(/[^a-zA-Z0-9_.]/, '') | |
|
|
31 | 31 | end |
|
|
32 | 32 | end |
|
|
33 | 33 | |
|
|
34 | 34 | def output |
|
|
35 | 35 | json = @struct.first.to_json |
|
|
36 | 36 | if jsonp.present? |
|
|
37 | 37 | json = "#{jsonp}(#{json})" |
|
|
38 | 38 | response.content_type = 'application/javascript' |
|
|
39 | 39 | end |
|
|
40 | 40 | json |
|
|
41 | 41 | end |
|
|
42 | 42 | end |
|
|
43 | 43 | end |
|
|
44 | 44 | end |
|
|
45 | 45 | end |
| @@ -1,72 +1,72 | |||
|
|
1 | 1 | # Redmine - project management software |
|
|
2 | 2 | # Copyright (C) 2006-2015 Jean-Philippe Lang |
|
|
3 | 3 | # |
|
|
4 | 4 | # This program is free software; you can redistribute it and/or |
|
|
5 | 5 | # modify it under the terms of the GNU General Public License |
|
|
6 | 6 | # as published by the Free Software Foundation; either version 2 |
|
|
7 | 7 | # of the License, or (at your option) any later version. |
|
|
8 | 8 | # |
|
|
9 | 9 | # This program is distributed in the hope that it will be useful, |
|
|
10 | 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
|
11 | 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
|
12 | 12 | # GNU General Public License for more details. |
|
|
13 | 13 | # |
|
|
14 | 14 | # You should have received a copy of the GNU General Public License |
|
|
15 | 15 | # along with this program; if not, write to the Free Software |
|
|
16 | 16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
|
17 | 17 | |
|
|
18 | 18 | require File.expand_path('../../../test_helper', __FILE__) |
|
|
19 | 19 | |
|
|
20 | 20 | class Redmine::ApiTest::JsonpTest < Redmine::ApiTest::Base |
|
|
21 | 21 | fixtures :trackers |
|
|
22 | 22 | |
|
|
23 | 23 | def test_should_ignore_jsonp_callback_with_jsonp_disabled |
|
|
24 | 24 | with_settings :jsonp_enabled => '0' do |
|
|
25 | 25 | get '/trackers.json?jsonp=handler' |
|
|
26 | 26 | end |
|
|
27 | 27 | |
|
|
28 | 28 | assert_response :success |
|
|
29 | 29 | assert_match %r{^\{"trackers":.+\}$}, response.body |
|
|
30 | 30 | assert_equal 'application/json; charset=utf-8', response.headers['Content-Type'] |
|
|
31 | 31 | end |
|
|
32 | 32 | |
|
|
33 | 33 | def test_jsonp_should_accept_callback_param |
|
|
34 | 34 | with_settings :jsonp_enabled => '1' do |
|
|
35 | 35 | get '/trackers.json?callback=handler' |
|
|
36 | 36 | end |
|
|
37 | 37 | |
|
|
38 | 38 | assert_response :success |
|
|
39 | 39 | assert_match %r{^handler\(\{"trackers":.+\}\)$}, response.body |
|
|
40 | 40 | assert_equal 'application/javascript; charset=utf-8', response.headers['Content-Type'] |
|
|
41 | 41 | end |
|
|
42 | 42 | |
|
|
43 | 43 | def test_jsonp_should_accept_jsonp_param |
|
|
44 | 44 | with_settings :jsonp_enabled => '1' do |
|
|
45 | 45 | get '/trackers.json?jsonp=handler' |
|
|
46 | 46 | end |
|
|
47 | 47 | |
|
|
48 | 48 | assert_response :success |
|
|
49 | 49 | assert_match %r{^handler\(\{"trackers":.+\}\)$}, response.body |
|
|
50 | 50 | assert_equal 'application/javascript; charset=utf-8', response.headers['Content-Type'] |
|
|
51 | 51 | end |
|
|
52 | 52 | |
|
|
53 | 53 | def test_jsonp_should_strip_invalid_characters_from_callback |
|
|
54 | 54 | with_settings :jsonp_enabled => '1' do |
|
|
55 | get '/trackers.json?callback=+-aA$1_' | |
|
|
55 | get '/trackers.json?callback=+-aA$1_.' | |
|
|
56 | 56 | end |
|
|
57 | 57 | |
|
|
58 | 58 | assert_response :success |
|
|
59 | assert_match %r{^aA1_\(\{"trackers":.+\}\)$}, response.body | |
|
|
59 | assert_match %r{^aA1_.\(\{"trackers":.+\}\)$}, response.body | |
|
|
60 | 60 | assert_equal 'application/javascript; charset=utf-8', response.headers['Content-Type'] |
|
|
61 | 61 | end |
|
|
62 | 62 | |
|
|
63 | 63 | def test_jsonp_without_callback_should_return_json |
|
|
64 | 64 | with_settings :jsonp_enabled => '1' do |
|
|
65 | 65 | get '/trackers.json?callback=' |
|
|
66 | 66 | end |
|
|
67 | 67 | |
|
|
68 | 68 | assert_response :success |
|
|
69 | 69 | assert_match %r{^\{"trackers":.+\}$}, response.body |
|
|
70 | 70 | assert_equal 'application/json; charset=utf-8', response.headers['Content-Type'] |
|
|
71 | 71 | end |
|
|
72 | 72 | end |
General Comments 0
You need to be logged in to leave comments.
Login now