<a href="#" class="submenu" onclick="return false;"><%= l(:field_status) %></a>
<ul>
<% @statuses.each do |s| -%>
- <li><%= context_menu_link s.name, {:controller => 'issues', :action => 'edit', :id => @issue, :issue => {:status_id => s}, :back_to => @back}, :method => :post,
+ <li><%= context_menu_link s.name, {:controller => 'issues', :action => 'edit', :id => @issue, :issue => {:status_id => s}, :back_url => @back}, :method => :post,
:selected => (s == @issue.status), :disabled => !(@can[:update] && @allowed_statuses.include?(s)) %></li>
<% end -%>
</ul>
<a href="#" class="submenu"><%= l(:field_tracker) %></a>
<ul>
<% @trackers.each do |t| -%>
- <li><%= context_menu_link t.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'tracker_id' => t, :back_to => @back}, :method => :post,
+ <li><%= context_menu_link t.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'tracker_id' => t, :back_url => @back}, :method => :post,
:selected => (@issue && t == @issue.tracker), :disabled => !@can[:edit] %></li>
<% end -%>
</ul>
<a href="#" class="submenu"><%= l(:field_priority) %></a>
<ul>
<% @priorities.each do |p| -%>
- <li><%= context_menu_link p.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'priority_id' => p, :back_to => @back}, :method => :post,
+ <li><%= context_menu_link p.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'priority_id' => p, :back_url => @back}, :method => :post,
:selected => (@issue && p == @issue.priority), :disabled => !@can[:edit] %></li>
<% end -%>
</ul>
<a href="#" class="submenu"><%= l(:field_fixed_version) %></a>
<ul>
<% @project.shared_versions.open.sort.each do |v| -%>
- <li><%= context_menu_link format_version_name(v), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'fixed_version_id' => v, :back_to => @back}, :method => :post,
+ <li><%= context_menu_link format_version_name(v), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'fixed_version_id' => v, :back_url => @back}, :method => :post,
:selected => (@issue && v == @issue.fixed_version), :disabled => !@can[:update] %></li>
<% end -%>
- <li><%= context_menu_link l(:label_none), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'fixed_version_id' => 'none', :back_to => @back}, :method => :post,
+ <li><%= context_menu_link l(:label_none), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'fixed_version_id' => 'none', :back_url => @back}, :method => :post,
:selected => (@issue && @issue.fixed_version.nil?), :disabled => !@can[:update] %></li>
</ul>
</li>
<a href="#" class="submenu"><%= l(:field_assigned_to) %></a>
<ul>
<% @assignables.each do |u| -%>
- <li><%= context_menu_link u.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'assigned_to_id' => u, :back_to => @back}, :method => :post,
+ <li><%= context_menu_link u.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'assigned_to_id' => u, :back_url => @back}, :method => :post,
:selected => (@issue && u == @issue.assigned_to), :disabled => !@can[:update] %></li>
<% end -%>
- <li><%= context_menu_link l(:label_nobody), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'assigned_to_id' => 'none', :back_to => @back}, :method => :post,
+ <li><%= context_menu_link l(:label_nobody), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'assigned_to_id' => 'none', :back_url => @back}, :method => :post,
:selected => (@issue && @issue.assigned_to.nil?), :disabled => !@can[:update] %></li>
</ul>
</li>
<a href="#" class="submenu"><%= l(:field_category) %></a>
<ul>
<% @project.issue_categories.each do |u| -%>
- <li><%= context_menu_link u.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'category_id' => u, :back_to => @back}, :method => :post,
+ <li><%= context_menu_link u.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'category_id' => u, :back_url => @back}, :method => :post,
:selected => (@issue && u == @issue.category), :disabled => !@can[:update] %></li>
<% end -%>
- <li><%= context_menu_link l(:label_none), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'category_id' => 'none', :back_to => @back}, :method => :post,
+ <li><%= context_menu_link l(:label_none), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'category_id' => 'none', :back_url => @back}, :method => :post,
:selected => (@issue && @issue.category.nil?), :disabled => !@can[:update] %></li>
</ul>
</li>
<a href="#" class="submenu"><%= l(:field_done_ratio) %></a>
<ul>
<% (0..10).map{|x|x*10}.each do |p| -%>
- <li><%= context_menu_link "#{p}%", {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'done_ratio' => p, :back_to => @back}, :method => :post,
+ <li><%= context_menu_link "#{p}%", {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'done_ratio' => p, :back_url => @back}, :method => :post,
:selected => (@issue && p == @issue.done_ratio), :disabled => !@can[:edit] %></li>
<% end -%>
</ul>
assert_equal 4, issue.fixed_version_id
assert_not_equal issue.project_id, issue.fixed_version.project_id
end
+
+ def test_post_edit_should_redirect_back_using_the_back_url_parameter
+ issue = Issue.find(2)
+ @request.session[:user_id] = 2
+
+ post :edit,
+ :id => issue.id,
+ :issue => {
+ :fixed_version_id => 4
+ },
+ :back_url => '/issues'
+
+ assert_response :redirect
+ assert_redirected_to '/issues'
+ end
+
+ def test_post_edit_should_not_redirect_back_using_the_back_url_parameter_off_the_host
+ issue = Issue.find(2)
+ @request.session[:user_id] = 2
+
+ post :edit,
+ :id => issue.id,
+ :issue => {
+ :fixed_version_id => 4
+ },
+ :back_url => 'http://google.com'
+
+ assert_response :redirect
+ assert_redirected_to :controller => 'issues', :action => 'show', :id => issue.id
+ end
def test_get_bulk_edit
@request.session[:user_id] = 2
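Review bot: The off-host case in `test_post_edit_should_not_redirect_back_using_the_back_url_parameter_off_the_host` exercises only one input shape, an absolute `http://` URL on another host, so the test pins the fallback for that form alone. The code that validates `back_url` is not part of this hunk, so this is a coverage gap rather than a confirmed defect. I would add a sibling case with `:back_url => '//google.com'` (scheme-relative) and one with an unparsable value, each asserting the same fallback to `:action => 'show'`. The same gap exists in `test_post_bulk_edit_should_not_redirect_back_using_the_back_url_parameter_off_the_host` in the next hunk, where the fallback is `:action => 'index'`. The positive tests pass only the relative path `'/issues'`; if absolute same-host URLs are meant to be accepted, a case for that would document it.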
end
end
+ def test_post_bulk_edit_should_redirect_back_using_the_back_url_parameter
+ @request.session[:user_id] = 2
+ post :bulk_edit, :ids => [1,2], :back_url => '/issues'
+
+ assert_response :redirect
+ assert_redirected_to '/issues'
+ end
+
+ def test_post_bulk_edit_should_not_redirect_back_using_the_back_url_parameter_off_the_host
+ @request.session[:user_id] = 2
+ post :bulk_edit, :ids => [1,2], :back_url => 'http://google.com'
+
+ assert_response :redirect
+ assert_redirected_to :controller => 'issues', :action => 'index', :project_id => Project.find(1).identifier
+ end
+
def test_move_routing
assert_routing(
{:method => :get, :path => '/issues/1/move'},