From 9f8053a82ebac92bc766f3207ff22e248cbcad9e Mon Sep 17 00:00:00 2001 From: Jean-Philippe Lang Date: Wed, 31 Aug 2016 16:56:31 +0000 Subject: [PATCH] Merged r15749 (#23700). git-svn-id: http://svn.redmine.org/redmine/branches/3.3-stable@15771 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- app/controllers/wiki_controller.rb | 4 +++- test/functional/wiki_controller_test.rb | 9 +++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/app/controllers/wiki_controller.rb b/app/controllers/wiki_controller.rb index 10fd099e0..36a9b8741 100644 --- a/app/controllers/wiki_controller.rb +++ b/app/controllers/wiki_controller.rb @@ -62,10 +62,12 @@ class WikiController < ApplicationController def new @page = WikiPage.new(:wiki => @wiki, :title => params[:title]) - unless User.current.allowed_to?(:edit_wiki_pages, @project) && editable? + unless User.current.allowed_to?(:edit_wiki_pages, @project) render_403 + return end if request.post? + @page.title = '' unless editable? @page.validate if @page.errors[:title].blank? path = project_wiki_page_path(@project, @page.title) diff --git a/test/functional/wiki_controller_test.rb b/test/functional/wiki_controller_test.rb index cd3bf0a76..8012f97a9 100644 --- a/test/functional/wiki_controller_test.rb +++ b/test/functional/wiki_controller_test.rb @@ -223,6 +223,15 @@ class WikiControllerTest < ActionController::TestCase assert_select_error 'Title has already been taken' end + def test_post_new_with_protected_title_should_display_errors + Role.find(1).remove_permission!(:protect_wiki_pages) + @request.session[:user_id] = 2 + + post :new, :params => {:project_id => 'ecookbook', :title => 'Sidebar'} + assert_response :success + assert_select_error /Title/ + end + def test_post_new_xhr_with_invalid_title_should_display_errors @request.session[:user_id] = 2 -- 2.39.5