mirrors
/
redmine
mirror of https://github.com/redmine/redmine.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 199 Wiki Activity
Browse Source

Creating a wiki page named "Sidebar" without proper permission raises an exception (#23700). 

git-svn-id: http://svn.redmine.org/redmine/trunk@15749 e93f8b46-1217-0410-a6f0-8f06a7374b81
tags/3.4.0
Jean-Philippe Lang 7 years ago
parent
0925ce756c
commit
650a64cb00
2 changed files with 12 additions and 1 deletions
Split View Show Diff Stats
  1. 3
    1
      app/controllers/wiki_controller.rb
  2. 9
    0
      test/functional/wiki_controller_test.rb

+ 3
- 1
app/controllers/wiki_controller.rb View File

@@ -62,10 +62,12 @@ class WikiController < ApplicationController

def new
@page = WikiPage.new(:wiki => @wiki, :title => params[:title])
unless User.current.allowed_to?(:edit_wiki_pages, @project) && editable?
unless User.current.allowed_to?(:edit_wiki_pages, @project)
render_403
return
end
if request.post?
@page.title = '' unless editable?
@page.validate
if @page.errors[:title].blank?
path = project_wiki_page_path(@project, @page.title)

+ 9
- 0
test/functional/wiki_controller_test.rb View File

@@ -216,6 +216,15 @@ class WikiControllerTest < Redmine::ControllerTest
assert_select_error 'Title has already been taken'
end

def test_post_new_with_protected_title_should_display_errors
Role.find(1).remove_permission!(:protect_wiki_pages)
@request.session[:user_id] = 2

post :new, :params => {:project_id => 'ecookbook', :title => 'Sidebar'}
assert_response :success
assert_select_error /Title/
end

def test_post_new_xhr_with_invalid_title_should_display_errors
@request.session[:user_id] = 2


Write Preview
Loading…
Cancel
Save