Patch by Holger Just. git-svn-id: http://svn.redmine.org/redmine/trunk@21012 e93f8b46-1217-0410-a6f0-8f06a7374b81tags/5.0.0
@@ -725,6 +725,13 @@ class ApplicationController < ActionController::Base | |||
render_error l(:error_query_statement_invalid) | |||
end | |||
def query_error(exception) | |||
Rails.logger.debug "#{exception.class.name}: #{exception.message}" | |||
Rails.logger.debug " #{exception.backtrace.join("\n ")}" | |||
render_404 | |||
end | |||
# Renders a 204 response for successful updates or deletions via the API | |||
def render_api_ok | |||
render_api_head :no_content |
@@ -29,6 +29,7 @@ class IssuesController < ApplicationController | |||
accept_api_auth :index, :show, :create, :update, :destroy | |||
rescue_from Query::StatementInvalid, :with => :query_statement_invalid | |||
rescue_from Query::QueryError, :with => :query_error | |||
helper :journals | |||
helper :projects | |||
@@ -470,6 +471,11 @@ class IssuesController < ApplicationController | |||
private | |||
def query_error(exception) | |||
session.delete(:issue_query) | |||
super | |||
end | |||
def retrieve_previous_and_next_issue_ids | |||
if params[:prev_issue_id].present? || params[:next_issue_id].present? | |||
@prev_issue_id = params[:prev_issue_id].presence.try(:to_i) |
@@ -32,6 +32,7 @@ class TimelogController < ApplicationController | |||
accept_api_auth :index, :show, :create, :update, :destroy | |||
rescue_from Query::StatementInvalid, :with => :query_statement_invalid | |||
rescue_from Query::QueryError, :with => :query_error | |||
helper :issues | |||
include TimelogHelper | |||
@@ -303,4 +304,9 @@ class TimelogController < ApplicationController | |||
def retrieve_time_entry_query | |||
retrieve_query(TimeEntryQuery, false, :defaults => @default_columns_names) | |||
end | |||
def query_error(exception) | |||
session.delete(:time_entry_query) | |||
super | |||
end | |||
end |
@@ -239,6 +239,9 @@ class Query < ActiveRecord::Base | |||
class StatementInvalid < ::ActiveRecord::StatementInvalid | |||
end | |||
class QueryError < StandardError | |||
end | |||
include Redmine::SubclassFactory | |||
VISIBILITY_PRIVATE = 0 | |||
@@ -1143,7 +1146,7 @@ class Query < ActiveRecord::Base | |||
assoc = $1 | |||
customized_key = "#{assoc}_id" | |||
customized_class = queried_class.reflect_on_association(assoc.to_sym).klass.base_class rescue nil | |||
raise "Unknown #{queried_class.name} association #{assoc}" unless customized_class | |||
raise QueryError, "Unknown #{queried_class.name} association #{assoc}" unless customized_class | |||
end | |||
where = sql_for_field(field, operator, value, db_table, db_field, true) | |||
if /[<>]/.match?(operator) | |||
@@ -1420,7 +1423,7 @@ class Query < ActiveRecord::Base | |||
when "$" | |||
sql = sql_contains("#{db_table}.#{db_field}", value.first, :ends_with => true) | |||
else | |||
raise "Unknown query operator #{operator}" | |||
raise QueryError, "Unknown query operator #{operator}" | |||
end | |||
return sql |
@@ -322,4 +322,15 @@ class IssuesTest < Redmine::IntegrationTest | |||
assert_response 404 | |||
end | |||
end | |||
def test_invalid_operators_should_render_404 | |||
get '/projects/ecookbook/issues', :params => { | |||
'set_filter' => '1', | |||
'f' => ['status_id', 'cf_9'], | |||
'op' => {'status_id' => 'o', 'cf_9' => '=6546546546'}, | |||
'v' => {'cf_9' => ['2021-05-25']} | |||
} | |||
assert_response 404 | |||
end | |||
end |