From c010e6b7a48df35e4cebb0fd42e52d07c9d5b936 Mon Sep 17 00:00:00 2001
From: Jacques Distler <distler@golem.ph.utexas.edu>
Date: Sun, 24 Apr 2011 16:07:43 -0500
Subject: [PATCH] Validate Web address

When changing the address of an existing Web
(or creating a new one), check that the new name is valid.
(Reported by Richard Marquez.)
---
 app/models/web.rb     |  9 +++++++--
 test/unit/web_test.rb | 10 ++++++++++
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/app/models/web.rb b/app/models/web.rb
index 938d05bc..b79f4cea 100644
--- a/app/models/web.rb
+++ b/app/models/web.rb
@@ -1,3 +1,5 @@
+require 'instiki_stringsupport'
+
 class Web < ActiveRecord::Base
   ## Associations
 
@@ -15,8 +17,7 @@ class Web < ActiveRecord::Base
 
   ## Validations
 
-  validates_uniqueness_of :address
-
+  validates_uniqueness_of :address, :message => 'already exists'
   validates_length_of :color, :in => 3..6
 
   ## Methods
@@ -203,6 +204,10 @@ class Web < ActiveRecord::Base
     end
 
     def validate_address
+      if ['create_system', 'create_web', 'delete_web', 'delete_files', 'web_list', ''].include?(address)
+         self.errors.add(:address, 'is not a valid address')
+        raise Instiki::ValidationError.new("\"#{address.purify.escapeHTML}\" #{errors.on(:address)}")     
+      end
       unless address == CGI.escape(address)
         self.errors.add(:address, 'should contain only valid URI characters')
         raise Instiki::ValidationError.new("#{self.class.human_attribute_name('address')} #{errors.on(:address)}")
diff --git a/test/unit/web_test.rb b/test/unit/web_test.rb
index 1e2b0de1..3b95a30e 100644
--- a/test/unit/web_test.rb
+++ b/test/unit/web_test.rb
@@ -56,6 +56,16 @@ class WebTest < ActiveSupport::TestCase
     assert_raises(Instiki::ValidationError) { 
       Web.create(:name => 'Wiki2', :address => "wiki\234", :password => '123') 
     }
+    assert_raises(Instiki::ValidationError) { 
+      Web.create(:name => 'Wiki2', :address => "web_list", :password => '123') 
+    }
+    assert_raises(Instiki::ValidationError) { 
+      Web.create(:name => 'Wiki2', :address => "", :password => '123') 
+    }
+    assert_raises(Instiki::ValidationError) { 
+      Web.create!(:name => 'Wiki2', :address => "", :password => '123') 
+      Web.create(:name => 'Wiki2', :address => "", :password => '123') 
+    }
   end
   
   def test_new_page_linked_from_mother_page