if !user then return -1,"You are not logged in, so Potlatch can't write any changes to the database." end
unless user.active_blocks.empty? then return -1,t('application.setup_user_auth.blocked') end
+ if cstags
+ if !tags_ok(cstags) then return -1,"One of the tags is invalid. Linux users may need to upgrade to Flash Player 10.1." end
+ cstags = strip_non_xml_chars cstags
+ end
+
# close previous changeset and add comment
if closeid
cs = Changeset.find(closeid.to_i)
cs.save!
else
cs.tags['comment']=closecomment
+ # in case closecomment has chars not allowed in xml
+ cs.tags = strip_non_xml_chars cs.tags
cs.save_with_tags!
end
end
cs = Changeset.new
cs.tags = cstags
cs.user_id = user.id
- if !closecomment.empty? then cs.tags['comment']=closecomment end
+ if !closecomment.empty?
+ cs.tags['comment']=closecomment
+ # in case closecomment has chars not allowed in xml
+ cs.tags = strip_non_xml_chars cs.tags
+ end
# smsm1 doesn't like the next two lines and thinks they need to be abstracted to the model more/better
cs.created_at = Time.now.getutc
cs.closed_at = cs.created_at + Changeset::IDLE_TIMEOUT
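Review bot: `closecomment` is written into `cs.tags['comment']` in both branches (the `else` of the close-previous-changeset block and the new-changeset block) without passing through the `tags_ok` check that `cstags` gets earlier, so in the lines shown the comment is only stripped, never validated. What `tags_ok` rejects is not visible here, but if it guards against malformed input the comment should meet the same bar, for example by running `if !tags_ok(cs.tags) then return -1,"One of the tags is invalid. Linux users may need to upgrade to Flash Player 10.1." end` after the comment is assigned. The two added assign-and-strip pairs are identical, so a small private helper that sets the comment and strips the hash would keep the two paths from drifting apart. The enclosing method starts and ends outside the lines shown.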
end
+ def test_startchangeset_invalid_xmlchar_comment
+ invalid = "\035\022"
+ comment = "foo#{invalid}bar"
+
+ amf_content "startchangeset", "/1", ["test@example.com:test", Hash.new, nil, comment, 1]
+ post :amf_write
+ assert_response :success
+ amf_parse_response
+ result = amf_result("/1")
+
+ assert_equal 3, result.size, result.inspect
+ assert_equal 0, result[0]
+ new_cs_id = result[2]
+
+ cs = Changeset.find(new_cs_id)
+ assert_equal "foobar", cs.tags["comment"]
+ end
+
# ************************************************************
# AMF Helper functions
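Review bot: Only the new-changeset comment path is covered by `test_startchangeset_invalid_xmlchar_comment`, which passes an empty `Hash.new` for the tags and `nil` for the changeset to close. The other two sanitising paths in the controller change have no test: control characters inside the tags hash itself, and a comment supplied while closing a previous changeset. Companion tests for those two would pin the behaviour, for instance one passing `{ "foo#{invalid}" => "bar#{invalid}" }` as the tags and asserting the stored key and value are clean. It would also help to assert that tab, newline and carriage return, which XML 1.0 permits, survive in a comment, so that a later change to the stripper cannot silently start removing legitimate characters.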