From c2fe2d0c0615b01dd61088b5e99e9b3db9eb7529 Mon Sep 17 00:00:00 2001 From: Jean-Philippe Lang Date: Mon, 9 Nov 2015 17:53:13 +0000 Subject: [PATCH] Fixed that #destroy_version with invalid version destroys wiki page content (#21155). git-svn-id: http://svn.redmine.org/redmine/trunk@14856 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- app/controllers/wiki_controller.rb | 9 ++++++--- test/functional/wiki_controller_test.rb | 12 ++++++++++++ 2 files changed, 18 insertions(+), 3 deletions(-) diff --git a/app/controllers/wiki_controller.rb b/app/controllers/wiki_controller.rb index 6f6c6bbdf..eabfe1c46 100644 --- a/app/controllers/wiki_controller.rb +++ b/app/controllers/wiki_controller.rb @@ -266,9 +266,12 @@ class WikiController < ApplicationController def destroy_version return render_403 unless editable? - @content = @page.content_for_version(params[:version]) - @content.destroy - redirect_to_referer_or history_project_wiki_page_path(@project, @page.title) + if content = @page.content.versions.find_by_version(params[:version]) + content.destroy + redirect_to_referer_or history_project_wiki_page_path(@project, @page.title) + else + render_404 + end end # Export wiki to a single pdf or html file diff --git a/test/functional/wiki_controller_test.rb b/test/functional/wiki_controller_test.rb index 27772cd7c..0b86ef063 100644 --- a/test/functional/wiki_controller_test.rb +++ b/test/functional/wiki_controller_test.rb @@ -756,6 +756,18 @@ class WikiControllerTest < ActionController::TestCase end end + def test_destroy_invalid_version_should_respond_with_404 + @request.session[:user_id] = 2 + assert_no_difference 'WikiContent::Version.count' do + assert_no_difference 'WikiContent.count' do + assert_no_difference 'WikiPage.count' do + delete :destroy_version, :project_id => 'ecookbook', :id => 'CookBook_documentation', :version => 99 + end + end + end + assert_response 404 + end + def test_index get :index, :project_id => 'ecookbook' assert_response :success