jro_apps/redmine Commit - r3406:f5f5a5f64f29

Verify issues are updated by HTTP PUT only. Regression from r3486....

Eric Davis -

r3406:f5f5a5f64f29

parent child

Context file:

r3406:f5f5a5f64f29

app/controllers/issues_controller.rb +3 -1

                verify :method => [:post, :delete],
                       :only => :destroy,
                       :render => { :nothing => true, :status => :method_not_allowed }
+               verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
                def index
                  retrieve_query
                  sort_init(@query.sort_criteria.empty? ? [['id', 'desc']] : @query.sort_criteria)

test/functional/issues_controller_test.rb +14 0

                  assert_select_rjs :show, "update"
                end
+               def test_update_using_invalid_http_verbs
+                 @request.session[:user_id] = 2
+                 subject = 'Updated by an invalid http verb'
+                 get :update, :id => 1, :issue => {:subject => subject}
+                 assert_not_equal subject, Issue.find(1).subject
+                 post :update, :id => 1, :issue => {:subject => subject}
+                 assert_not_equal subject, Issue.find(1).subject
+                 delete :update, :id => 1, :issue => {:subject => subject}
+                 assert_not_equal subject, Issue.find(1).subject
+               end
                def test_put_update_without_custom_fields_param
                  @request.session[:user_id] = 2
                  ActionMailer::Base.deliveries.clear

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages