render_error l(:error_query_statement_invalid)
end
+ def query_error(exception)
+ Rails.logger.debug "#{exception.class.name}: #{exception.message}"
+ Rails.logger.debug " #{exception.backtrace.join("\n ")}"
+
+ render_404
+ end
+
# Renders a 204 response for successful updates or deletions via the API
def render_api_ok
render_api_head :no_content
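Review bot: The first `Rails.logger.debug` line in `query_error` writes `exception.message` unescaped, and the messages raised elsewhere in this commit interpolate the filter operator and association name (`"Unknown query operator #{operator}"`), which the added test suggests can arrive directly in the `op` request parameter. A value containing a line break could then forge extra log lines whenever debug logging is enabled; logging `exception.message.inspect` avoids that. Both lines are at debug level, so wherever the log level is set above debug a rejected filter leaves no trace; one `Rails.logger.info` line carrying the exception class would keep these requests visible to operators. The block form `Rails.logger.debug { ... }` would also avoid joining the backtrace when debug output is off.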
accept_api_auth :index, :show, :create, :update, :destroy
rescue_from Query::StatementInvalid, :with => :query_statement_invalid
+ rescue_from Query::QueryError, :with => :query_error
helper :journals
helper :projects
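Review bot: `rescue_from Query::QueryError` is registered per controller, here and again in the second controller hunk further down, while the handler itself is inherited (the overrides call `super`). If any controller outside this diff also builds a query from request filters, `QueryError` would still escape there as a 500. Declaring `rescue_from Query::QueryError, :with => :query_error` once in the parent class next to the base `query_error` would cover every subclass, and the two session-clearing overrides would still be picked up through normal method dispatch.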
private
+ def query_error(exception)
+ session.delete(:issue_query)
+ super
+ end
+
def retrieve_previous_and_next_issue_ids
if params[:prev_issue_id].present? || params[:next_issue_id].present?
@prev_issue_id = params[:prev_issue_id].presence.try(:to_i)
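Review bot: The `query_error` override has no comment explaining why the session entry is removed before delegating to `super`. A line such as `# Drop the stored query so a rejected filter is not replayed from the session on the next request` would help; that purpose is inferred from the key name and should be confirmed by the author. The same applies to the override that deletes `:time_entry_query` in the later hunk. `retrieve_previous_and_next_issue_ids` continues past the end of this hunk.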
accept_api_auth :index, :show, :create, :update, :destroy
rescue_from Query::StatementInvalid, :with => :query_statement_invalid
+ rescue_from Query::QueryError, :with => :query_error
helper :issues
include TimelogHelper
def retrieve_time_entry_query
retrieve_query(TimeEntryQuery, false, :defaults => @default_columns_names)
end
+
+ def query_error(exception)
+ session.delete(:time_entry_query)
+ super
+ end
end
class StatementInvalid < ::ActiveRecord::StatementInvalid
end
+ class QueryError < StandardError
+ end
+
include Redmine::SubclassFactory
VISIBILITY_PRIVATE = 0
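Review bot: `QueryError` is added without a comment saying when it is raised or how it differs from `StatementInvalid` directly above it. From the raise sites visible in this commit, something like `# Raised when a filter names an unknown operator or association` would be accurate and tells callers it signals bad request input rather than a database failure.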
assoc = $1
customized_key = "#{assoc}_id"
customized_class = queried_class.reflect_on_association(assoc.to_sym).klass.base_class rescue nil
- raise "Unknown #{queried_class.name} association #{assoc}" unless customized_class
+ raise QueryError, "Unknown #{queried_class.name} association #{assoc}" unless customized_class
end
where = sql_for_field(field, operator, value, db_table, db_field, true)
if /[<>]/.match?(operator)
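Review bot: The new `raise QueryError` on the association check is fed by the inline `rescue nil` on the line above it, which turns every StandardError from the reflection chain into a nil `customized_class`. In the controllers that register the new handler this now ends as a 404 logged only at debug level, so a genuine fault in the lookup would be indistinguishable from a bad filter. Narrowing the lookup to `customized_class = queried_class.reflect_on_association(assoc.to_sym)&.klass&.base_class` keeps the unknown-association case and lets other errors surface. The enclosing method starts and ends outside this hunk.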
when "$"
sql = sql_contains("#{db_table}.#{db_field}", value.first, :ends_with => true)
else
- raise "Unknown query operator #{operator}"
+ raise QueryError, "Unknown query operator #{operator}"
end
return sql
assert_response 404
end
end
+
+ def test_invalid_operators_should_render_404
+ get '/projects/ecookbook/issues', :params => {
+ 'set_filter' => '1',
+ 'f' => ['status_id', 'cf_9'],
+ 'op' => {'status_id' => 'o', 'cf_9' => '=6546546546'},
+ 'v' => {'cf_9' => ['2021-05-25']}
+ }
+
+ assert_response 404
+ end
end
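Review bot: `test_invalid_operators_should_render_404` asserts only the status code, so the `session.delete(:issue_query)` added in the controller override is not checked by any assertion. If the session is readable in this test class, adding `assert_nil session[:issue_query]` after `assert_response 404` would pin it. The unknown-association raise and the time entry controller's override have no test in the visible hunks; a parallel request against the time entries listing with an invalid operator would cover the second override.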