diff --git a/app/controllers/wiki_controller.rb b/app/controllers/wiki_controller.rb index 9ca68772..e21f841b 100644 --- a/app/controllers/wiki_controller.rb +++ b/app/controllers/wiki_controller.rb @@ -266,12 +266,14 @@ class WikiController < ApplicationController author_name = 'AnonymousCoward' if author_name =~ /^\s*$/ begin + the_content = params['content'].purify + prev_content = '' + filter_spam(the_content) raise Instiki::ValidationError.new('Your name cannot contain a "."') if author_name.include? '.' cookies['author'] = { :value => author_name, :expires => Time.utc(2030) } - the_content = params['content'].purify - filter_spam(the_content) if @page new_name = params['new_name'] ? params['new_name'].purify : @page_name + prev_content = @page.current_revision.content raise Instiki::ValidationError.new('Your new title cannot contain a "."') if new_name.include? '.' raise Instiki::ValidationError.new('A page named "' + new_name.escapeHTML + '" already exists.') if @page_name != new_name && @web.has_page?(new_name) @@ -290,7 +292,7 @@ class WikiController < ApplicationController param_hash = {:web => @web_name, :id => @page_name} # Work around Rails bug: flash will not display if query string is longer than 10192 bytes param_hash.update( :content => the_content ) if the_content && - CGI::escape(the_content).length < 10183 && the_content != @page.current_revision.content + CGI::escape(the_content).length < 10183 && the_content != prev_content if @page @page.unlock redirect_to param_hash.update( :action => 'edit' ) diff --git a/test/functional/wiki_controller_test.rb b/test/functional/wiki_controller_test.rb index 2c54000d..691a4d75 100755 --- a/test/functional/wiki_controller_test.rb +++ b/test/functional/wiki_controller_test.rb 
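Review bot: Nothing in the first hunk says why `the_content` and `prev_content` are now set above the author-name check, so a later cleanup could move them back and lose the behaviour. A comment ahead of them would record it, for example `# Read content before any validation can raise, so the error redirect can echo it back`, and on the default `# '' means there is no previous revision (new page)`. `filter_spam(the_content)` now also runs before the author-name check and the cookie write, so a request that fails both checks presumably reports the `filter_spam` error first; that looks intended but is worth confirming. The start of the save action and its rescue clause are outside the hunk.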
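Review bot: The submitted page text still travels in the redirect query string at `param_hash.update( :content => the_content )` in the second hunk, so unsaved drafts of up to roughly 10 KB land in web-server access logs, browser history and possibly Referer headers. Judging by the updated tests, this commit extends that to author-name failures on both new and existing pages. Consider keeping the draft server-side where the session store allows it and redirecting without it. Failing that, a comment such as `# NOTE: content is carried in the URL; the edit/new actions must treat params['content'] as untrusted` would record the constraint. How the `edit` and `new` actions consume the parameter is not visible here, and the enclosing error-handling block starts and ends outside the hunk.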
@@ -710,10 +710,7 @@ class WikiControllerTest < ActionController::TestCase 'content' => @home.revisions.last.content.dup, 'author' => 'SomeOtherAuthor'}, {:return_to => '/wiki1/show/HomePage'} - assert_redirected_to :action => 'edit', :controller => 'wiki', :web => 'wiki1', :id => 'HomePage', - :content => 'HisWay would be MyWay $\sin(x)\begin{svg}\end{svg}\includegraphics[width=3e'+ - 'm]{foo}$ in kinda ThatWay in HisWay though MyWay \OverThere -- see SmartEngine in'+ - ' that SmartEngineGUI' + assert_redirected_to :action => 'edit', :controller => 'wiki', :web => 'wiki1', :id => 'HomePage' assert r.flash[:error].to_s == "You have tried to save page 'HomePage' without changing its content" revisions_after = @home.revisions.size 
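Review bot: The shortened `assert_redirected_to` no longer shows that the missing `:content` key is the thing under test, so the assertion reads as if the key was simply dropped. A one-line comment above it would make the intent explicit, for example `# content identical to the current revision is not echoed back in the redirect`. That reading is inferred from the controller's `the_content != prev_content` condition in the same commit. The test method begins above the hunk and continues below it.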
@@ -750,11 +747,36 @@ class WikiControllerTest < ActionController::TestCase another_page = @wiki.read_page('wiki1', 'AnotherPage') assert_equal 'AnonymousCoward', another_page.author end + + def test_save_revised_content_invalid_author_name + r = process 'save', 'web' => 'wiki1', 'id' => 'HomePage', 'content' => 'Contents of a very new page', + 'author' => 'foo.bar' + assert_redirected_to :action => 'edit', :controller => 'wiki', :web => 'wiki1', :id => 'HomePage', + :content => 'Contents of a very new page' + assert r.flash[:error].to_s == 'Your name cannot contain a "."' + + r = process 'save', 'web' => 'wiki1', 'id' => 'HomePage', 'content' => 'a'*10184, + 'author' => 'foo.bar' + assert_redirected_to :action => 'edit', :controller => 'wiki', :web => 'wiki1', :id => 'HomePage' + assert r.flash[:error].to_s == 'Your name cannot contain a "."' + + r = process 'save', 'web' => 'wiki1', 'id' => 'NewPage', 'content' => 'Contents of a new page', + 'author' => 'foo.bar' + assert_redirected_to :action => 'new', :controller => 'wiki', :web => 'wiki1', :id => 'NewPage', + :content => 'Contents of a new page' + assert r.flash[:error].to_s == 'Your name cannot contain a "."' + + r = process 'save', 'web' => 'wiki1', 'id' => 'NewPage', 'content' => 'a'*10184, + 'author' => 'foo.bar' + assert_redirected_to :action => 'new', :controller => 'wiki', :web => 'wiki1', :id => 'NewPage' + assert r.flash[:error].to_s == 'Your name cannot contain a "."' + end def test_save_invalid_author_name r = process 'save', 'web' => 'wiki1', 'id' => 'NewPage', 'content' => 'Contents of a new page', 'author' => 'foo.bar' - assert_redirected_to :action => 'new', :controller => 'wiki', :web => 'wiki1', :id => 'NewPage' + assert_redirected_to :action => 'new', :controller => 'wiki', :web => 'wiki1', :id => 'NewPage', + :content => 'Contents of a new page' assert r.flash[:error].to_s == 'Your name cannot contain a "."' r = process 'save', 'web' => 'wiki1', 'id' => 'NewPage', 'content' => 'Contents of a 
new page',