]> git.openstreetmap.org Git - rails.git/commitdiff
Require integer IDs for diary_entries#show
authorTom Hughes <tom@compton.nu>
Thu, 29 Dec 2022 17:14:05 +0000 (17:14 +0000)
committerTom Hughes <tom@compton.nu>
Thu, 29 Dec 2022 17:14:05 +0000 (17:14 +0000)
Fixes #3865

config/routes.rb
test/controllers/diary_entries_controller_test.rb

index be27698a562820113cc82ca68948642afa2e5988..80b897d08f6ba21c82f44b3b7db6b2330adb7f6b 100644 (file)
@@ -226,7 +226,7 @@ OpenStreetMap::Application.routes.draw do
   get "/user/:display_name/diary" => "diary_entries#index"
   get "/diary/:language" => "diary_entries#index"
   scope "/user/:display_name" do
   get "/user/:display_name/diary" => "diary_entries#index"
   get "/diary/:language" => "diary_entries#index"
   scope "/user/:display_name" do
-    resources :diary_entries, :path => "diary", :only => [:edit, :update, :show]
+    resources :diary_entries, :path => "diary", :only => [:edit, :update, :show], :id => /\d+/
   end
   post "/user/:display_name/diary/:id/newcomment" => "diary_entries#comment", :id => /\d+/, :as => :comment_diary_entry
   post "/user/:display_name/diary/:id/hide" => "diary_entries#hide", :id => /\d+/, :as => :hide_diary_entry
   end
   post "/user/:display_name/diary/:id/newcomment" => "diary_entries#comment", :id => /\d+/, :as => :comment_diary_entry
   post "/user/:display_name/diary/:id/hide" => "diary_entries#hide", :id => /\d+/, :as => :hide_diary_entry
index 2003f9a085963ae717ffad02c795af678bb856cb..1c0c623c8a872ae472b1f03ef2a930b0714ceae7 100644 (file)
@@ -669,6 +669,11 @@ class DiaryEntriesControllerTest < ActionDispatch::IntegrationTest
     assert_response :success
     assert_template :show
 
     assert_response :success
     assert_template :show
 
+    # Try a non-integer ID
+    assert_raise ActionController::RoutingError do
+      get "/user/#{CGI.escapeURIComponent(user.display_name)}/diary/#{diary_entry.id})"
+    end
+
     # Try a deleted entry
     diary_entry_deleted = create(:diary_entry, :user => user, :visible => false)
     get diary_entry_path(:display_name => user.display_name, :id => diary_entry_deleted)
     # Try a deleted entry
     diary_entry_deleted = create(:diary_entry, :user => user, :visible => false)
     get diary_entry_path(:display_name => user.display_name, :id => diary_entry_deleted)