Fixed that #destroy_version with invalid version destroys wiki page content (#21155).

git-svn-id: http://svn.redmine.org/redmine/trunk@14856 e93f8b46-1217-0410-a6f0-8f06a7374b81

diff --git a/app/controllers/wiki_controller.rb b/app/controllers/wiki_controller.rb
index 6f6c6bbdfed0a337704799ed0df8f63cb7d16ebd..eabfe1c46c97d4e9d042aeef4ad47ff2a0312b82 100644 (file)
--- a/app/controllers/wiki_controller.rb
+++ b/app/controllers/wiki_controller.rb
@@ -266,9 +266,12 @@ class WikiController < ApplicationController
   def destroy_version
     return render_403 unless editable?
 
-    @content = @page.content_for_version(params[:version])
-    @content.destroy
-    redirect_to_referer_or history_project_wiki_page_path(@project, @page.title)
+    if content = @page.content.versions.find_by_version(params[:version])
+      content.destroy
+      redirect_to_referer_or history_project_wiki_page_path(@project, @page.title)
+    else
+      render_404
+    end
   end
 
   # Export wiki to a single pdf or html file

diff --git a/test/functional/wiki_controller_test.rb b/test/functional/wiki_controller_test.rb
index 27772cd7c02ce059984e449fe6c75e0de4852d2c..0b86ef0635c90f929f4a3d8313864d565a3c347e 100644 (file)
--- a/test/functional/wiki_controller_test.rb
+++ b/test/functional/wiki_controller_test.rb
@@ -756,6 +756,18 @@ class WikiControllerTest < ActionController::TestCase
     end
   end
 
+  def test_destroy_invalid_version_should_respond_with_404
+    @request.session[:user_id] = 2
+    assert_no_difference 'WikiContent::Version.count' do
+      assert_no_difference 'WikiContent.count' do
+        assert_no_difference 'WikiPage.count' do
+          delete :destroy_version, :project_id => 'ecookbook', :id => 'CookBook_documentation', :version => 99
+        end
+      end
+    end
+    assert_response 404
+  end
+
   def test_index
     get :index, :project_id => 'ecookbook'
     assert_response :success