Check that wiki page exists before processing (#2360).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2145 e93f8b46-1217-0410-a6f0-8f06a7374b81

Check that wiki page exists before processing (#2360).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2145 e93f8b46-1217-0410-a6f0-8f06a7374b81
ede01124 · Jean-Philippe Lang · 4ec5b160 · ede01124 · ede01124
Commit ede01124 authored Dec 19, 2008 by Jean-Philippe Lang
Hide whitespace changes
Inline Side-by-side

Showing with 18 additions and 13 deletions

wiki_controller.rb app/controllers/wiki_controller.rb +13 -13

wiki_controller_test.rb test/functional/wiki_controller_test.rb +5 -0

No files found.
--- a/app/controllers/wiki_controller.rb
+++ b/app/controllers/wiki_controller.rb
@@ -19,6 +19,7 @@ require 'diff'
 class WikiController < ApplicationController
  before_filter :find_wiki, :authorize
+  before_filter :find_existing_page, :only => [:rename, :protect, :history, :diff, :annotate, :add_attachment, :destroy]
  verify :method => :post, :only => [:destroy, :protect], :redirect_to => { :action => :index }
@@ -91,8 +92,7 @@ class WikiController < ApplicationController
  # rename a page
  def rename
-    @page = @wiki.find_page(params[:page])
+    return render_403 unless editable?
-	return render_403 unless editable?
    @page.redirect_existing_links = true
    # used to display the *original* title if some AR validation errors occur
    @original_title = @page.pretty_title
@@ -103,15 +103,12 @@ class WikiController < ApplicationController
  end
  def protect
-    page = @wiki.find_page(params[:page])
+    @page.update_attribute :protected, params[:protected]
-    page.update_attribute :protected, params[:protected]
+    redirect_to :action => 'index', :id => @project, :page => @page.title
-    redirect_to :action => 'index', :id => @project, :page => page.title
  end
  # show page history
  def history
-    @page = @wiki.find_page(params[:page])
    @version_count = @page.content.versions.count
    @version_pages = Paginator.new self, @version_count, per_page_option, params['p']
    # don't load text    
@@ -125,21 +122,19 @@ class WikiController < ApplicationController
  end
  def diff
-    @page = @wiki.find_page(params[:page])
    @diff = @page.diff(params[:version], params[:version_from])
    render_404 unless @diff
  end
  def annotate
-    @page = @wiki.find_page(params[:page])
    @annotate = @page.annotate(params[:version])
+    render_404 unless @annotate
  end
  # remove a wiki page and its history
  def destroy
-    @page = @wiki.find_page(params[:page])
+    return render_403 unless editable?
-	return render_403 unless editable?
+    @page.destroy
-    @page.destroy if @page
    redirect_to :action => 'special', :id => @project, :page => 'Page_index'
  end
@@ -181,7 +176,6 @@ class WikiController < ApplicationController
  end
  def add_attachment
-    @page = @wiki.find_page(params[:page])
    return render_403 unless editable?
    attach_files(@page, params[:attachments])
    redirect_to :action => 'index', :page => @page.title
@@ -197,6 +191,12 @@ private
    render_404
  end
+  # Finds the requested page and returns a 404 error if it doesn't exist
+  def find_existing_page
+    @page = @wiki.find_page(params[:page])
+    render_404 if @page.nil?
+  end
  # Returns true if the current user is allowed to edit the page, otherwise false
  def editable?(page = @page)
    page.editable_by?(User.current)

--- a/test/functional/wiki_controller_test.rb
+++ b/test/functional/wiki_controller_test.rb
@@ -251,4 +251,9 @@ class WikiControllerTest < Test::Unit::TestCase
    assert_response :success
    assert_template 'edit'    
  end
+  def test_history_of_non_existing_page_should_return_404
+    get :history, :id => 1, :page => 'Unknown_page'
+    assert_response 404
+  end
 end