Fixed: submitting a non numerical parent task input creates a 500 error (#6932).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4414 e93f8b46-1217-0410-a6f0-8f06a7374b81

diff --git a/app/models/issue.rb b/app/models/issue.rb
index c7885129e74f418afe332cb2304fbe99ce1368f4..8fdf4b39c049aa41e99a429f6736683cb7c1e980 100644 (file)
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -276,7 +276,7 @@ class Issue < ActiveRecord::Base
       if !user.allowed_to?(:manage_subtasks, project)
         attrs.delete('parent_issue_id')
       elsif !attrs['parent_issue_id'].blank?
-        attrs.delete('parent_issue_id') unless Issue.visible(user).exists?(attrs['parent_issue_id'])
+        attrs.delete('parent_issue_id') unless Issue.visible(user).exists?(attrs['parent_issue_id'].to_i)
       end
     end
     

diff --git a/test/functional/issues_controller_test.rb b/test/functional/issues_controller_test.rb
index 8082d77fc17e400e4c43fa233153bc28e6e37f42..b86eee07ef5d32c317f03c0143195a33b082b03d 100644 (file)
--- a/test/functional/issues_controller_test.rb
+++ b/test/functional/issues_controller_test.rb
@@ -525,6 +525,20 @@ class IssuesControllerTest < ActionController::TestCase
     assert_not_nil issue
     assert_equal Issue.find(2), issue.parent
   end
+
+  def test_post_create_subissue_with_non_numeric_parent_id
+    @request.session[:user_id] = 2
+    
+    assert_difference 'Issue.count' do
+      post :create, :project_id => 1, 
+                 :issue => {:tracker_id => 1,
+                            :subject => 'This is a child issue',
+                            :parent_issue_id => 'ABC'}
+    end
+    issue = Issue.find_by_subject('This is a child issue')
+    assert_not_nil issue
+    assert_nil issue.parent
+  end
   
   def test_post_create_should_send_a_notification
     ActionMailer::Base.deliveries.clear