Cleaned up the IssueController redirects to use the back_url like the other actions.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3315 e93f8b46-1217-0410-a6f0-8f06a7374b81

3 files changed, 58 insertions, 12 deletions

diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb
index 5da0aa283..c0d791e4b 100644
--- a/app/controllers/issues_controller.rb
+++ b/app/controllers/issues_controller.rb
@@ -217,7 +217,7 @@ class IssuesController < ApplicationController
           end
           call_hook(:controller_issues_edit_after_save, { :params => params, :issue => @issue, :time_entry => @time_entry, :journal => journal})
           respond_to do |format|
-            format.html { redirect_to(params[:back_to] || {:action => 'show', :id => @issue}) }
+            format.html { redirect_back_or_default({:action => 'show', :id => @issue}) }
             format.xml  { head :ok }
           end
           return
@@ -293,7 +293,7 @@ class IssuesController < ApplicationController
                                                          :total => @issues.size,
                                                          :ids => '#' + unsaved_issue_ids.join(', #'))
       end
-      redirect_to(params[:back_to] || {:controller => 'issues', :action => 'index', :project_id => @project})
+      redirect_back_or_default({:controller => 'issues', :action => 'index', :project_id => @project})
       return
     end
     @available_statuses = Workflow.available_statuses(@project)
diff --git a/app/views/issues/context_menu.rhtml b/app/views/issues/context_menu.rhtml
index 4a1d0c310..aff836c00 100644
--- a/app/views/issues/context_menu.rhtml
+++ b/app/views/issues/context_menu.rhtml
@@ -8,7 +8,7 @@
 		<a href="#" class="submenu" onclick="return false;"><%= l(:field_status) %></a>
 		<ul>
 		<% @statuses.each do |s| -%>
-		    <li><%= context_menu_link s.name, {:controller => 'issues', :action => 'edit', :id => @issue, :issue => {:status_id => s}, :back_to => @back}, :method => :post,
+		    <li><%= context_menu_link s.name, {:controller => 'issues', :action => 'edit', :id => @issue, :issue => {:status_id => s}, :back_url => @back}, :method => :post,
 		                              :selected => (s == @issue.status), :disabled => !(@can[:update] && @allowed_statuses.include?(s)) %></li>
 		<% end -%>
 		</ul>
@@ -23,7 +23,7 @@
 		<a href="#" class="submenu"><%= l(:field_tracker) %></a>
 		<ul>
 		<% @trackers.each do |t| -%>
-		    <li><%= context_menu_link t.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'tracker_id' => t, :back_to => @back}, :method => :post,
+		    <li><%= context_menu_link t.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'tracker_id' => t, :back_url => @back}, :method => :post,
 		                              :selected => (@issue && t == @issue.tracker), :disabled => !@can[:edit] %></li>
 		<% end -%>
 		</ul>
@@ -33,7 +33,7 @@
 		<a href="#" class="submenu"><%= l(:field_priority) %></a>
 		<ul>
 		<% @priorities.each do |p| -%>
-		    <li><%= context_menu_link p.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'priority_id' => p, :back_to => @back}, :method => :post,
+		    <li><%= context_menu_link p.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'priority_id' => p, :back_url => @back}, :method => :post,
 		                              :selected => (@issue && p == @issue.priority), :disabled => !@can[:edit] %></li>
 		<% end -%>
 		</ul>
@@ -43,10 +43,10 @@
 		<a href="#" class="submenu"><%= l(:field_fixed_version) %></a>
 		<ul>
 		<% @project.shared_versions.open.sort.each do |v| -%>
-		    <li><%= context_menu_link format_version_name(v), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'fixed_version_id' => v, :back_to => @back}, :method => :post,
+		    <li><%= context_menu_link format_version_name(v), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'fixed_version_id' => v, :back_url => @back}, :method => :post,
 		                              :selected => (@issue && v == @issue.fixed_version), :disabled => !@can[:update] %></li>
 		<% end -%>
-		    <li><%= context_menu_link l(:label_none), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'fixed_version_id' => 'none', :back_to => @back}, :method => :post,
+		    <li><%= context_menu_link l(:label_none), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'fixed_version_id' => 'none', :back_url => @back}, :method => :post,
 		                              :selected => (@issue && @issue.fixed_version.nil?), :disabled => !@can[:update] %></li>
 		</ul>
 	</li>
@@ -56,10 +56,10 @@
 		<a href="#" class="submenu"><%= l(:field_assigned_to) %></a>
 		<ul>
 		<% @assignables.each do |u| -%>
-		    <li><%= context_menu_link u.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'assigned_to_id' => u, :back_to => @back}, :method => :post,
+		    <li><%= context_menu_link u.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'assigned_to_id' => u, :back_url => @back}, :method => :post,
 		                              :selected => (@issue && u == @issue.assigned_to), :disabled => !@can[:update] %></li>
 		<% end -%>
-		    <li><%= context_menu_link l(:label_nobody), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'assigned_to_id' => 'none', :back_to => @back}, :method => :post,
+		    <li><%= context_menu_link l(:label_nobody), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'assigned_to_id' => 'none', :back_url => @back}, :method => :post,
 		                              :selected => (@issue && @issue.assigned_to.nil?), :disabled => !@can[:update] %></li>
 		</ul>
 	</li>
@@ -69,10 +69,10 @@
 		<a href="#" class="submenu"><%= l(:field_category) %></a>
 		<ul>
 		<% @project.issue_categories.each do |u| -%>
-		    <li><%= context_menu_link u.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'category_id' => u, :back_to => @back}, :method => :post,
+		    <li><%= context_menu_link u.name, {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'category_id' => u, :back_url => @back}, :method => :post,
 		                              :selected => (@issue && u == @issue.category), :disabled => !@can[:update] %></li>
 		<% end -%>
-		    <li><%= context_menu_link l(:label_none), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'category_id' => 'none', :back_to => @back}, :method => :post,
+		    <li><%= context_menu_link l(:label_none), {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'category_id' => 'none', :back_url => @back}, :method => :post,
 		                              :selected => (@issue && @issue.category.nil?), :disabled => !@can[:update] %></li>
 		</ul>
 	</li>
@@ -82,7 +82,7 @@
 		<a href="#" class="submenu"><%= l(:field_done_ratio) %></a>
 		<ul>
 		<% (0..10).map{|x|x*10}.each do |p| -%>
-		    <li><%= context_menu_link "#{p}%", {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'done_ratio' => p, :back_to => @back}, :method => :post,
+		    <li><%= context_menu_link "#{p}%", {:controller => 'issues', :action => 'bulk_edit', :ids => @issues.collect(&:id), 'done_ratio' => p, :back_url => @back}, :method => :post,
 		                                  :selected => (@issue && p == @issue.done_ratio), :disabled => !@can[:edit] %></li>
 		<% end -%>
 		</ul>
diff --git a/test/functional/issues_controller_test.rb b/test/functional/issues_controller_test.rb
index 2ea91d5e2..78ab04e1b 100644
--- a/test/functional/issues_controller_test.rb
+++ b/test/functional/issues_controller_test.rb
@@ -947,6 +947,36 @@ class IssuesControllerTest < ActionController::TestCase
     assert_equal 4, issue.fixed_version_id
     assert_not_equal issue.project_id, issue.fixed_version.project_id
   end
+
+  def test_post_edit_should_redirect_back_using_the_back_url_parameter
+    issue = Issue.find(2)
+    @request.session[:user_id] = 2
+
+    post :edit,
+         :id => issue.id,
+         :issue => {
+           :fixed_version_id => 4
+         },
+         :back_url => '/issues'
+
+    assert_response :redirect
+    assert_redirected_to '/issues'
+  end
+  
+  def test_post_edit_should_not_redirect_back_using_the_back_url_parameter_off_the_host
+    issue = Issue.find(2)
+    @request.session[:user_id] = 2
+
+    post :edit,
+         :id => issue.id,
+         :issue => {
+           :fixed_version_id => 4
+         },
+         :back_url => 'http://google.com'
+
+    assert_response :redirect
+    assert_redirected_to :controller => 'issues', :action => 'show', :id => issue.id
+  end
   
   def test_get_bulk_edit
     @request.session[:user_id] = 2
@@ -1053,6 +1083,22 @@ class IssuesControllerTest < ActionController::TestCase
     end
   end
 
+  def test_post_bulk_edit_should_redirect_back_using_the_back_url_parameter
+    @request.session[:user_id] = 2
+    post :bulk_edit, :ids => [1,2], :back_url => '/issues'
+
+    assert_response :redirect
+    assert_redirected_to '/issues'
+  end
+
+  def test_post_bulk_edit_should_not_redirect_back_using_the_back_url_parameter_off_the_host
+    @request.session[:user_id] = 2
+    post :bulk_edit, :ids => [1,2], :back_url => 'http://google.com'
+
+    assert_response :redirect
+    assert_redirected_to :controller => 'issues', :action => 'index', :project_id => Project.find(1).identifier
+  end
+
   def test_move_routing
     assert_routing(
       {:method => :get, :path => '/issues/1/move'},