Fixes #820: invalid project id causes a NoMethodError in SearchController (Angel Dobbs-Sciortino).

git-svn-id: http://redmine.rubyforge.org/svn/trunk@1237 e93f8b46-1217-0410-a6f0-8f06a7374b81
pull/351/head
Jean-Philippe Lang 17 years ago
parent 3a9b0988c7
commit d4429a544c
  1. 12
      app/controllers/application.rb
  2. 11
      app/controllers/search_controller.rb
  3. 6
      test/functional/search_controller_test.rb

@ -102,13 +102,17 @@ class ApplicationController < ActionController::Base
# make sure that the user is a member of the project (or admin) if project is private # make sure that the user is a member of the project (or admin) if project is private
# used as a before_filter for actions that do not require any particular permission on the project # used as a before_filter for actions that do not require any particular permission on the project
def check_project_privacy def check_project_privacy
unless @project.active? if @project && @project.active?
if @project.is_public? || User.current.member_of?(@project) || User.current.admin?
true
else
User.current.logged? ? render_403 : require_login
end
else
@project = nil @project = nil
render_404 render_404
return false false
end end
return true if @project.is_public? || User.current.member_of?(@project) || User.current.admin?
User.current.logged? ? render_403 : require_login
end end
# store current uri in session. # store current uri in session.
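Review bot: In the denial branch of `check_project_privacy`, the method's result is whatever `render_403` or `require_login` returns, so whether a non-member is actually stopped depends on helpers defined outside this section. This matters more now that the value is returned from a `before_filter` (`find_optional_project` in search_controller.rb) instead of being tested with `return unless` inside the action. I would end that branch with an explicit `false` after `User.current.logged? ? render_403 : require_login`, as the 404 branch already does. The same applies after `render_404` in the `rescue` of `find_optional_project`.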

@ -17,6 +17,8 @@
class SearchController < ApplicationController class SearchController < ApplicationController
layout 'base' layout 'base'
before_filter :find_optional_project
helper :messages helper :messages
include MessagesHelper include MessagesHelper
@ -36,11 +38,6 @@ class SearchController < ApplicationController
return return
end end
if params[:id]
find_project
return unless check_project_privacy
end
if @project if @project
# only show what the user is allowed to view # only show what the user is allowed to view
@object_types = %w(issues news documents changesets wiki_pages messages) @object_types = %w(issues news documents changesets wiki_pages messages)
@ -104,8 +101,10 @@ class SearchController < ApplicationController
end end
private private
def find_project def find_optional_project
return true unless params[:id]
@project = Project.find(params[:id]) @project = Project.find(params[:id])
check_project_privacy
rescue ActiveRecord::RecordNotFound rescue ActiveRecord::RecordNotFound
render_404 render_404
end end
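Review bot: `find_optional_project` is now the only place where SearchController applies the project privacy check, but nothing in the code says so. A comment above it such as `# Loads @project when params[:id] is present and enforces project privacy; @project stays nil for a cross-project search` would tell a maintainer that this filter is an access-control gate and not just a loader. It would also help to note next to `before_filter :find_optional_project` that the filter must stay unrestricted (no `:only`/`:except`) for every action that reads `@project`.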

@ -78,6 +78,12 @@ class SearchControllerTest < Test::Unit::TestCase
assert_equal 2, results.size assert_equal 2, results.size
end end
def test_search_with_invalid_project_id
get :index, :id => 195, :q => 'recipe'
assert_response 404
assert_nil assigns(:results)
end
def test_quick_jump_to_issue def test_quick_jump_to_issue
# issue of a public project # issue of a public project
get :index, :q => "3" get :index, :q => "3"
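Review bot: The new test covers only a project id that does not exist; the access-denied path that this commit moved into the filter has no test in this section. I would add a sibling case that requests `index` with the id of a private project as an anonymous user, and another as a logged-in non-member, asserting the login redirect or 403 together with `assert_nil assigns(:results)`. That pins the property that no search results are computed for a project the user cannot see. The fixture ids for such a project are not visible here, so they would need to come from the project fixtures.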
