authorJean-Philippe Lang <jp_lang@yahoo.fr>2008-12-19 10:43:06 +0000
committerJean-Philippe Lang <jp_lang@yahoo.fr>2008-12-19 10:43:06 +0000
commitede011243b0e251fb4dce3f710abc23c6a552004 (patch)
tree37bcf44ba6b101bc65512455b54717b3259cf9fb /app
parent4ec5b1600a9ebdfba4a1276b000513d71eaee16c (diff)
Check that wiki page exists before processing (#2360).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2145 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app')
-rw-r--r--app/controllers/wiki_controller.rb26
1 files changed, 13 insertions, 13 deletions
diff --git a/app/controllers/wiki_controller.rb b/app/controllers/wiki_controller.rb
index 221f4aa81..2dcc6f971 100644
--- a/app/controllers/wiki_controller.rb
+++ b/app/controllers/wiki_controller.rb
@@ -19,6 +19,7 @@ require 'diff'
class WikiController < ApplicationController
before_filter :find_wiki, :authorize
+ before_filter :find_existing_page, :only => [:rename, :protect, :history, :diff, :annotate, :add_attachment, :destroy]
verify :method => :post, :only => [:destroy, :protect], :redirect_to => { :action => :index }
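Review bot: The `:only` list on the new `before_filter :find_existing_page` is an allowlist, so an action left off it gets no existence check, and a later action that dereferences `@page` will raise on nil instead of returning 404 unless someone remembers to extend the list. A comment above the filter would make that contract explicit, e.g. `# every action that assumes @page exists must be listed here; actions that may create a page load it themselves`. The filter is declared after `:find_wiki, :authorize`, so the permission check presumably runs before the existence check; that ordering is worth recording in the same comment so it is not changed later.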
@@ -91,8 +92,7 @@ class WikiController < ApplicationController
# rename a page
def rename
- @page = @wiki.find_page(params[:page])
- return render_403 unless editable?
+ return render_403 unless editable?
@page.redirect_existing_links = true
# used to display the *original* title if some AR validation errors occur
@original_title = @page.pretty_title
@@ -103,15 +103,12 @@ class WikiController < ApplicationController
end
def protect
- page = @wiki.find_page(params[:page])
- page.update_attribute :protected, params[:protected]
- redirect_to :action => 'index', :id => @project, :page => page.title
+ @page.update_attribute :protected, params[:protected]
+ redirect_to :action => 'index', :id => @project, :page => @page.title
end
# show page history
def history
- @page = @wiki.find_page(params[:page])
-
@version_count = @page.content.versions.count
@version_pages = Paginator.new self, @version_count, per_page_option, params['p']
# don't load text
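Review bot: `protect` passes `params[:protected]` straight to `update_attribute`, which skips validations, and ignores the return value, so a failed save still redirects as if the flag had changed. Unlike `rename` and `destroy` it has no `editable?` check; the only gates visible on this page are the `authorize` filter and the POST `verify`. A one-line comment such as `# permission is enforced by the authorize filter; POST only (see verify)` would record that this is intentional. The hunk opens on the tail of `rename`, and `history` continues past its end.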
@@ -125,21 +122,19 @@ class WikiController < ApplicationController
end
def diff
- @page = @wiki.find_page(params[:page])
@diff = @page.diff(params[:version], params[:version_from])
render_404 unless @diff
end
def annotate
- @page = @wiki.find_page(params[:page])
@annotate = @page.annotate(params[:version])
+ render_404 unless @annotate
end
# remove a wiki page and its history
def destroy
- @page = @wiki.find_page(params[:page])
- return render_403 unless editable?
- @page.destroy if @page
+ return render_403 unless editable?
+ @page.destroy
redirect_to :action => 'special', :id => @project, :page => 'Page_index'
end
@@ -181,7 +176,6 @@ class WikiController < ApplicationController
end
def add_attachment
- @page = @wiki.find_page(params[:page])
return render_403 unless editable?
attach_files(@page, params[:attachments])
redirect_to :action => 'index', :page => @page.title
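Review bot: `add_attachment` changes state but is not in the `verify :method => :post` list at the top of the controller, which names only `destroy` and `protect`; unless something outside this diff restricts the verb, the action can be reached with a GET. Adding it to the list, `:only => [:destroy, :protect, :add_attachment]`, would bring it in line with the other write actions. The redirect here also omits `:id => @project`, which the redirect in `protect` passes explicitly.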
@@ -197,6 +191,12 @@ private
render_404
end
+ # Finds the requested page and returns a 404 error if it doesn't exist
+ def find_existing_page
+ @page = @wiki.find_page(params[:page])
+ render_404 if @page.nil?
+ end
+
# Returns true if the current user is allowed to edit the page, otherwise false
def editable?(page = @page)
page.editable_by?(User.current)
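Review bot: `find_existing_page` depends on `render_404` performing a render to stop the filter chain; it returns nothing explicitly, so on a framework version that halts only on a `false` return the action would still run with `@page` nil. If halting on render is the intended mechanism, the comment should say so: `# Renders 404 (which halts the filter chain) when the page doesn't exist`. `editable?` just below defaults its argument to `@page` and calls a method on it, so it is only nil-safe in actions covered by this filter.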