cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add validation for maximum ID passed to changesets#index

Browse source
This commit is contained in:
Tom Hughes 2024-04-11 09:23:06 +01:00
parent e3c43e4a1a
commit d8b468e7a1
2 changed files with 11 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
app/controllers/changesets_controller.rb
View file

@ -18,6 +18,8 @@ class ChangesetsController < ApplicationController
## ##
# list non-empty changesets in reverse chronological order # list non-empty changesets in reverse chronological order
def index def index
param! :max_id, Integer, :min => 1
@params = params.permit(:display_name, :bbox, :friends, :nearby, :max_id, :list) @params = params.permit(:display_name, :bbox, :friends, :nearby, :max_id, :list)
if request.format == :atom && @params[:max_id] if request.format == :atom && @params[:max_id]

9
test/controllers/changesets_controller_test.rb
View file

@ -92,6 +92,15 @@ class ChangesetsControllerTest < ActionDispatch::IntegrationTest
check_index_result(changesets.last(20)) check_index_result(changesets.last(20))
end end
##
# This should report an error
def test_index_invalid_xhr
%w[-1 0 fred].each do |id|
get history_path(:format => "html", :list => "1", :max_id => id)
assert_redirected_to :controller => :errors, :action => :bad_request
end
end
## ##
# This should display the last 20 changesets closed in a specific area # This should display the last 20 changesets closed in a specific area
def test_index_bbox def test_index_bbox