diff options
| author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2010-01-12 20:17:20 +0000 |
|---|---|---|
| committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2010-01-12 20:17:20 +0000 |
| commit | 0a05cc2a378033b4a1049089b7c0f0865b8f9d1e (patch) | |
| tree | d3363c8a1f146dc1ed452fcae5685aece8f705d7 /test | |
| parent | ff77fb6aa9f1fc74960e86c11d2c5f38d6cdfabd (diff) | |
| download | redmine-0a05cc2a378033b4a1049089b7c0f0865b8f9d1e.tar.gz redmine-0a05cc2a378033b4a1049089b7c0f0865b8f9d1e.zip | |
Set a white list of issue attributes that can be mass-assigned from controllers.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3308 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'test')
| -rw-r--r-- | test/functional/issues_controller_test.rb | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/test/functional/issues_controller_test.rb b/test/functional/issues_controller_test.rb index 4b806de89..2ea91d5e2 100644 --- a/test/functional/issues_controller_test.rb +++ b/test/functional/issues_controller_test.rb @@ -641,6 +641,13 @@ class IssuesControllerTest < ActionController::TestCase :value => 'Value for field 2'} end + def test_post_new_should_ignore_non_safe_attributes + @request.session[:user_id] = 2 + assert_nothing_raised do + post :new, :project_id => 1, :issue => { :tracker => "A param can not be a Tracker" } + end + end + def test_copy_routing assert_routing( {:method => :get, :path => '/projects/world_domination/issues/567/copy'}, |