author | Toshi MARUYAMA <marutosijp2@yahoo.co.jp> | 2011-05-01 23:20:46 +0000 |
committer | Toshi MARUYAMA <marutosijp2@yahoo.co.jp> | 2011-05-01 23:20:46 +0000 |
commit | 935306af80226398f72721ac973ad14e45feb3e1 (patch) | |
tree | f8dbf50323387c3d8565ef82470d72bd7fad451a | |
parent | 6fce2170c49a08e892f979223581d1722644d3e0 (diff) | |
download | redmine-935306af80226398f72721ac973ad14e45feb3e1.tar.gz redmine-935306af80226398f72721ac973ad14e45feb3e1.zip |
Merged r5611 from trunk.
Fix potential Execution After Redirect bugs.
Execution After Redirect (EAR) happens when a redirect in a controller is
triggered but there is still code in the action that executes afterwards.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/branches/1.1-stable@5613 e93f8b46-1217-0410-a6f0-8f06a7374b81
-rw-r--r-- | app/controllers/application_controller.rb | 1 | ||||
-rw-r--r-- | app/controllers/custom_fields_controller.rb | 6 | ||||
-rw-r--r-- | app/controllers/enumerations_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/issue_categories_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/roles_controller.rb | 8 | ||||
-rw-r--r-- | app/controllers/settings_controller.rb | 21 |
6 files changed, 25 insertions, 15 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 803eb5f2e..a906e1a4e 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -271,6 +271,7 @@ class ApplicationController < ActionController::Base
 end
 end
 redirect_to default
+ false
 end
 def render_403(options={})
diff --git a/app/controllers/custom_fields_controller.rb b/app/controllers/custom_fields_controller.rb
index 51457e74c..cfcf7db7d 100644
--- a/app/controllers/custom_fields_controller.rb
+++ b/app/controllers/custom_fields_controller.rb
@@ -38,8 +38,9 @@ class CustomFieldsController < ApplicationController
 flash[:notice] = l(:notice_successful_create)
 call_hook(:controller_custom_fields_new_after_save, :params => params, :custom_field => @custom_field)
 redirect_to :action => 'index', :tab => @custom_field.class.name
+ else
+ @trackers = Tracker.find(:all, :order => 'position')
 end
- @trackers = Tracker.find(:all, :order => 'position')
 end
 def edit
@@ -48,8 +49,9 @@ class CustomFieldsController < ApplicationController
 flash[:notice] = l(:notice_successful_update)
 call_hook(:controller_custom_fields_edit_after_save, :params => params, :custom_field => @custom_field)
 redirect_to :action => 'index', :tab => @custom_field.class.name
+ else
+ @trackers = Tracker.find(:all, :order => 'position')
 end
- @trackers = Tracker.find(:all, :order => 'position')
 end
 def destroy
diff --git a/app/controllers/enumerations_controller.rb b/app/controllers/enumerations_controller.rb
index e5b50c873..539a221fd 100644
--- a/app/controllers/enumerations_controller.rb
+++ b/app/controllers/enumerations_controller.rb
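Review bot: The `false` added after `redirect_to default` in the application_controller hunk is a bare expression with no comment, so the next reader may take it for a leftover and delete it; the method it ends (`redirect_back_or_default`, whose start is outside the hunk) now has a return value that is nowhere explained. Presumably the falsy result is meant for callers that treat "false" as "already handled, stop here" (for example a filter), but that should be confirmed against the call sites. Note also that a falsy return means the `redirect_back_or_default(...) and return` idiom would no longer return, so callers must use a separate `return`. I would document it in place: `false # deliberate falsy return: signals "redirect issued, stop here" to callers (do not rely on `... and return`)`.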
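Review bot: The `@trackers = Tracker.find(:all, :order => 'position')` line in the custom_fields `new` hunk is now duplicated verbatim in the `edit` hunk that follows it (both inside the new `else` branches), and the roles_controller hunks repeat the same pattern with `@permissions = @role.setable_permissions`. Since the two copies must stay in sync for the form to render the same tracker list, I would fold them into one private helper and call it from each `else`: `def load_trackers` / `@trackers = Tracker.find(:all, :order => 'position')` / `end`. The `new` and `edit` methods both start outside their hunks.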
@@ -75,10 +75,12 @@ class EnumerationsController < ApplicationController
 # No associated objects
 @enumeration.destroy
 redirect_to :action => 'index'
+ return
 elsif params[:reassign_to_id]
 if reassign_to = @enumeration.class.find_by_id(params[:reassign_to_id])
 @enumeration.destroy(reassign_to)
 redirect_to :action => 'index'
+ return
 end
 end
 @enumerations = @enumeration.class.find(:all) - [@enumeration]
diff --git a/app/controllers/issue_categories_controller.rb b/app/controllers/issue_categories_controller.rb
index a43a767bb..049ef07f3 100644
--- a/app/controllers/issue_categories_controller.rb
+++ b/app/controllers/issue_categories_controller.rb
@@ -65,10 +65,12 @@ class IssueCategoriesController < ApplicationController
 # No issue assigned to this category
 @category.destroy
 redirect_to :controller => 'projects', :action => 'settings', :id => @project, :tab => 'categories'
+ return
 elsif params[:todo]
 reassign_to = @project.issue_categories.find_by_id(params[:reassign_to_id]) if params[:todo] == 'reassign'
 @category.destroy(reassign_to)
 redirect_to :controller => 'projects', :action => 'settings', :id => @project, :tab => 'categories'
+ return
 end
 @categories = @project.issue_categories - [@category]
 end
diff --git a/app/controllers/roles_controller.rb b/app/controllers/roles_controller.rb
index 0809f9041..efb084973 100644
--- a/app/controllers/roles_controller.rb
+++ b/app/controllers/roles_controller.rb
@@ -38,9 +38,10 @@ class RolesController < ApplicationController
 end
 flash[:notice] = l(:notice_successful_create)
 redirect_to :action => 'index'
+ else
+ @permissions = @role.setable_permissions
+ @roles = Role.find :all, :order => 'builtin, position'
 end
- @permissions = @role.setable_permissions
- @roles = Role.find :all, :order => 'builtin, position'
 end
 def edit
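Review bot: The enumerations hunk (and the issue_categories hunk after it) stops execution with a bare `return` after each `redirect_to`, while the roles, custom_fields and settings hunks in the same commit restructure the action into an `else` branch and the application_controller hunk returns `false`; three idioms for the same fix make future EAR audits harder, because a reviewer cannot grep for one pattern. I would settle on one form for the whole commit, preferably the `else` branch where the redirect sits in a simple `if`, and `redirect_to ... and return` only where the `if/elsif` shape makes an `else` awkward, e.g. `redirect_to :action => 'index' and return`. The `destroy` method in enumerations_controller starts and ends outside the hunk, so the trailing `@enumerations = ...` line is still reached only on the fall-through path.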
@@ -48,8 +49,9 @@ class RolesController < ApplicationController
 if request.post? and @role.update_attributes(params[:role])
 flash[:notice] = l(:notice_successful_update)
 redirect_to :action => 'index'
+ else
+ @permissions = @role.setable_permissions
 end
- @permissions = @role.setable_permissions
 end
 def destroy
diff --git a/app/controllers/settings_controller.rb b/app/controllers/settings_controller.rb
index 804a7fda3..a4dcadf27 100644
--- a/app/controllers/settings_controller.rb
+++ b/app/controllers/settings_controller.rb
@@ -36,16 +36,16 @@ class SettingsController < ApplicationController
 end
 flash[:notice] = l(:notice_successful_update)
 redirect_to :action => 'edit', :tab => params[:tab]
- return
- end
- @options = {}
- @options[:user_format] = User::USER_FORMATS.keys.collect {|f| [User.current.name(f), f.to_s] }
- @deliveries = ActionMailer::Base.perform_deliveries
+ else
+ @options = {}
+ @options[:user_format] = User::USER_FORMATS.keys.collect {|f| [User.current.name(f), f.to_s] }
+ @deliveries = ActionMailer::Base.perform_deliveries
- @guessed_host_and_path = request.host_with_port.dup
- @guessed_host_and_path << ('/'+ Redmine::Utils.relative_url_root.gsub(%r{^\/}, '')) unless Redmine::Utils.relative_url_root.blank?
+ @guessed_host_and_path = request.host_with_port.dup
+ @guessed_host_and_path << ('/'+ Redmine::Utils.relative_url_root.gsub(%r{^\/}, '')) unless Redmine::Utils.relative_url_root.blank?
- Redmine::Themes.rescan
+ Redmine::Themes.rescan
+ end
 end
 def plugin
@@ -54,9 +54,10 @@ class SettingsController < ApplicationController
 Setting["plugin_#{@plugin.id}"] = params[:settings]
 flash[:notice] = l(:notice_successful_update)
 redirect_to :action => 'plugin', :id => @plugin.id
+ else
+ @partial = @plugin.settings[:partial]
+ @settings = Setting["plugin_#{@plugin.id}"]
 end
- @partial = @plugin.settings[:partial]
- @settings = Setting["plugin_#{@plugin.id}"]
 rescue Redmine::PluginNotFound
 render_404
 end |
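Review bot: The new `else` branch in the settings_controller `edit` hunk holds seven lines of view setup (options, deliveries, guessed host, theme rescan) inside the save/redirect conditional, which buries the action's control flow; every other `else` branch in this commit is one to three lines. I would move that block unchanged into a private helper named for what it does and call it from the `else`, as sketched below, placing the helper under the controller's `private` marker (adding one if the file has none). The `edit` method starts outside the hunk.
```ruby
      redirect_to :action => 'edit', :tab => params[:tab]
    else
      load_edit_form_data
    end
  end

  # … unchanged: plugin action …

  private

  # Instance variables the settings/edit view reads when the form is (re)rendered.
  def load_edit_form_data
    @options = {}
    @options[:user_format] = User::USER_FORMATS.keys.collect {|f| [User.current.name(f), f.to_s] }
    @deliveries = ActionMailer::Base.perform_deliveries

    @guessed_host_and_path = request.host_with_port.dup
    @guessed_host_and_path << ('/'+ Redmine::Utils.relative_url_root.gsub(%r{^\/}, '')) unless Redmine::Utils.relative_url_root.blank?

    Redmine::Themes.rescan
  end
```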