From 650a64cb0020ac849eaefb20abbbb090abcb6b3d Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang <jp_lang@yahoo.fr>
Date: Tue, 30 Aug 2016 19:21:42 +0000
Subject: Creating a wiki page named "Sidebar" without proper permission raises
 an exception (#23700).

git-svn-id: http://svn.redmine.org/redmine/trunk@15749 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/controllers/wiki_controller.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'app/controllers')

diff --git a/app/controllers/wiki_controller.rb b/app/controllers/wiki_controller.rb
index de1931a0b..1dfb16640 100644
--- a/app/controllers/wiki_controller.rb
+++ b/app/controllers/wiki_controller.rb
@@ -62,10 +62,12 @@ class WikiController < ApplicationController
 
   def new
     @page = WikiPage.new(:wiki => @wiki, :title => params[:title])
-    unless User.current.allowed_to?(:edit_wiki_pages, @project) && editable?
+    unless User.current.allowed_to?(:edit_wiki_pages, @project)
       render_403
+      return
     end
     if request.post?
+      @page.title = '' unless editable?
       @page.validate
       if @page.errors[:title].blank?
         path = project_wiki_page_path(@project, @page.title)
-- 
cgit v1.2.3