diff options
| author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2010-11-20 10:20:53 +0000 |
|---|---|---|
| committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2010-11-20 10:20:53 +0000 |
| commit | 06b0176a3edd9b72ec1b7b8f9aaf98cf15b025e4 (patch) | |
| tree | e363f80cd7babc62b4fab33d48d4796e6f9461e6 | |
| parent | 427ec05c8b7931d0096c00d451e3b36ccfa6c969 (diff) | |
| download | redmine-06b0176a3edd9b72ec1b7b8f9aaf98cf15b025e4.tar.gz redmine-06b0176a3edd9b72ec1b7b8f9aaf98cf15b025e4.zip | |
Fixed: submitting a non numerical parent task input creates a 500 error (#6932).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4414 e93f8b46-1217-0410-a6f0-8f06a7374b81
| -rw-r--r-- | app/models/issue.rb | 2 | ||||
| -rw-r--r-- | test/functional/issues_controller_test.rb | 14 |
2 files changed, 15 insertions, 1 deletions
diff --git a/app/models/issue.rb b/app/models/issue.rb index c7885129e..8fdf4b39c 100644 --- a/app/models/issue.rb +++ b/app/models/issue.rb @@ -276,7 +276,7 @@ class Issue < ActiveRecord::Base if !user.allowed_to?(:manage_subtasks, project) attrs.delete('parent_issue_id') elsif !attrs['parent_issue_id'].blank? - attrs.delete('parent_issue_id') unless Issue.visible(user).exists?(attrs['parent_issue_id']) + attrs.delete('parent_issue_id') unless Issue.visible(user).exists?(attrs['parent_issue_id'].to_i) end end diff --git a/test/functional/issues_controller_test.rb b/test/functional/issues_controller_test.rb index 8082d77fc..b86eee07e 100644 --- a/test/functional/issues_controller_test.rb +++ b/test/functional/issues_controller_test.rb @@ -525,6 +525,20 @@ class IssuesControllerTest < ActionController::TestCase assert_not_nil issue assert_equal Issue.find(2), issue.parent end + + def test_post_create_subissue_with_non_numeric_parent_id + @request.session[:user_id] = 2 + + assert_difference 'Issue.count' do + post :create, :project_id => 1, + :issue => {:tracker_id => 1, + :subject => 'This is a child issue', + :parent_issue_id => 'ABC'} + end + issue = Issue.find_by_subject('This is a child issue') + assert_not_nil issue + assert_nil issue.parent + end def test_post_create_should_send_a_notification ActionMailer::Base.deliveries.clear |