From 0a05cc2a378033b4a1049089b7c0f0865b8f9d1e Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang
Date: Tue, 12 Jan 2010 20:17:20 +0000
Subject: Set a white list of issue attributes that can be mass-assigned from controllers.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3308 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 test/functional/issues_controller_test.rb | 7 +++++++
 1 file changed, 7 insertions(+)
(limited to 'test')
diff --git a/test/functional/issues_controller_test.rb b/test/functional/issues_controller_test.rb
index 4b806de89..2ea91d5e2 100644
--- a/test/functional/issues_controller_test.rb
+++ b/test/functional/issues_controller_test.rb
@@ -641,6 +641,13 @@ class IssuesControllerTest < ActionController::TestCase
 :value => 'Value for field 2'}
 end
 
+ def test_post_new_should_ignore_non_safe_attributes
+ @request.session[:user_id] = 2
+ assert_nothing_raised do
+ post :new, :project_id => 1, :issue => { :tracker => "A param can not be a Tracker" }
+ end
+ end
+
 def test_copy_routing
 assert_routing(
 {:method => :get, :path => '/projects/world_domination/issues/567/copy'},
-- 
cgit v1.2.3
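Review bot: The added test_post_new_should_ignore_non_safe_attributes only proves that the request does not raise; it never checks that the submitted `:tracker` value was actually discarded. The test therefore relies on a String assigned to the tracker association raising a type-mismatch error, which a scalar non-whitelisted attribute would not do. After the `post`, also assert on the resulting state, for example `assert_kind_of Tracker, assigns(:issue).tracker` (this assumes the action exposes `@issue` with a default tracker, which the hunk does not show). A second case that posts a scalar attribute outside the whitelist and asserts it is unchanged would cover the silent mass-assignment path. A short comment above the `post` line, such as `# a String here would raise on assignment if :tracker were mass-assignable`, would explain why this value was chosen.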