Nemcio/Redmine
1
0
Fork 0
mirror of https://github.com/redmine/redmine.git synced 2025-11-10 15:26:03 +01:00
Code Issues Packages Projects Releases Activity

Validate back_url everywhere (#32850).

Browse Source 
Patch by Holger Just.

git-svn-id: http://svn.redmine.org/redmine/trunk@19488 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Jean-Philippe Lang
2020-02-02 08:39:22 +00:00
parent b3cda4fd61
commit 0cd14b3a4b
3 changed files with 19 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
test/functional/timelog_controller_test.rb
View File

@@ -173,6 +173,19 @@ class TimelogControllerTest < Redmine::ControllerTest
assert_select 'select[name=?]', 'time_entry[project_id]'
end
def test_get_edit_should_validate_back_url
@request.session[:user_id] = 2
get :edit, :params => {:id => 2, :project_id => nil, :back_url => '/valid'}
assert_response :success
assert_select 'a[href=?]', '/valid', {:text => 'Cancel'}
get :edit, :params => {:id => 2, :project_id => nil, :back_url => 'invalid'}
assert_response :success
assert_select 'a[href=?]', 'invalid', {:text => 'Cancel', :count => 0}
assert_select 'a[href=?]', '/projects/ecookbook/time_entries', {:text => 'Cancel'}
end
def test_post_create
@request.session[:user_id] = 3
assert_difference 'TimeEntry.count' do