From 27e9965dd2d7476ea8242c8c646976b698cc9e8e Mon Sep 17 00:00:00 2001
From: Tom Hughes
Date: Thu, 29 Dec 2022 17:14:05 +0000
Subject: [PATCH] Require integer IDs for diary_entries#show

Fixes #3865
---
 config/routes.rb | 2 +-
 test/controllers/diary_entries_controller_test.rb | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/config/routes.rb b/config/routes.rb
index be27698a5..80b897d08 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -226,7 +226,7 @@ OpenStreetMap::Application.routes.draw do
 get "/user/:display_name/diary" => "diary_entries#index"
 get "/diary/:language" => "diary_entries#index"
 scope "/user/:display_name" do
- resources :diary_entries, :path => "diary", :only => [:edit, :update, :show]
+ resources :diary_entries, :path => "diary", :only => [:edit, :update, :show], :id => /\d+/
 end
 post "/user/:display_name/diary/:id/newcomment" => "diary_entries#comment", :id => /\d+/, :as => :comment_diary_entry
 post "/user/:display_name/diary/:id/hide" => "diary_entries#hide", :id => /\d+/, :as => :hide_diary_entry
diff --git a/test/controllers/diary_entries_controller_test.rb b/test/controllers/diary_entries_controller_test.rb
index 2003f9a08..1c0c623c8 100644
--- a/test/controllers/diary_entries_controller_test.rb
+++ b/test/controllers/diary_entries_controller_test.rb
@@ -669,6 +669,11 @@ class DiaryEntriesControllerTest < ActionDispatch::IntegrationTest
 assert_response :success
 assert_template :show
 
+ # Try a non-integer ID
+ assert_raise ActionController::RoutingError do
+ get "/user/#{CGI.escapeURIComponent(user.display_name)}/diary/#{diary_entry.id})"
+ end
+
 # Try a deleted entry
 diary_entry_deleted = create(:diary_entry, :user => user, :visible => false)
 get diary_entry_path(:display_name => user.display_name, :id => diary_entry_deleted)
--
2.39.5
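Review bot: The `:id => /\d+/` requirement added to the `resources :diary_entries` line in config/routes.rb applies to `edit` and `update` as well as `show`, although the subject line names only `show`. A short comment above the line would record the intent, for example `# IDs must be numeric; anything else is rejected at routing and never reaches the controller`. The pattern sets no upper bound on the number of digits, so an arbitrarily long numeric ID still reaches the controller's lookup. Whether that path handles an out-of-range integer cleanly is not visible in this hunk and is worth confirming. The `routes.draw` block starts and ends outside the hunk.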
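Review bot: The new test in diary_entries_controller_test.rb only tries the valid ID followed by `)`, so it shows that trailing characters are rejected but not a leading or fully non-numeric segment. A second request in the same `assert_raise` style, such as `get "/user/#{CGI.escapeURIComponent(user.display_name)}/diary/x#{diary_entry.id}"`, would confirm the requirement is enforced at both ends of the segment. The `)` inside the string literal reads like a typo, so a comment such as `# the trailing ")" is deliberate: it makes the ID segment non-numeric` would stop someone from "fixing" it later. The same constraint now covers `edit` and `update`, which this hunk does not test. The enclosing test method starts and ends outside the hunk.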