Add validation for page number passed to notes#index

diff --git a/app/controllers/notes_controller.rb b/app/controllers/notes_controller.rb
index 97efc3eda8128f79bbd0a870b347cebc0c384501..26d27692e5cd5804386aca35191e68e26bbd7dbe 100644 (file)
--- a/app/controllers/notes_controller.rb
+++ b/app/controllers/notes_controller.rb
@@ -16,6 +16,8 @@ class NotesController < ApplicationController
   ##
   # Display a list of notes by a specified user
   def index
+    param! :page, Integer, :min => 1
+
     @params = params.permit(:display_name)
     @title = t ".title", :user => @user.display_name
     @page = (params[:page] || 1).to_i

diff --git a/test/controllers/notes_controller_test.rb b/test/controllers/notes_controller_test.rb
index e68a5f33beec2f4eb3c44a2d76da25c9f88788ec..c778f41c2a4567e7f462546eb5adcce86695ce58 100644 (file)
--- a/test/controllers/notes_controller_test.rb
+++ b/test/controllers/notes_controller_test.rb
@@ -83,6 +83,15 @@ class NotesControllerTest < ActionDispatch::IntegrationTest
     assert_select "table.note_list tbody tr", :count => 10
   end
 
+  def test_index_invalid_paged
+    user = create(:user)
+
+    %w[-1 0 fred].each do |page|
+      get user_notes_path(user, :page => page)
+      assert_redirected_to :controller => :errors, :action => :bad_request
+    end
+  end
+
   def test_empty_page
     user = create(:user)
     get user_notes_path(user)