cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add validation for before/after parameters to pagination concern

Browse source
This commit is contained in:
Tom Hughes 2024-04-11 09:13:56 +01:00
parent 5d887a37bf
commit e3c43e4a1a
5 changed files with 89 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
app/controllers/concerns/pagination_methods.rb
View file

@ -6,6 +6,9 @@ module PaginationMethods
## ##
# limit selected items to one page, get ids of first item before/after the page # limit selected items to one page, get ids of first item before/after the page
def get_page_items(items, includes: [], limit: 20) def get_page_items(items, includes: [], limit: 20)
param! :before, Integer, :min => 1
param! :after, Integer, :min => 1
id_column = "#{items.table_name}.id" id_column = "#{items.table_name}.id"
page_items = if params[:before] page_items = if params[:before]
items.where("#{id_column} < ?", params[:before]).order(:id => :desc) items.where("#{id_column} < ?", params[:before]).order(:id => :desc)

23
test/controllers/diary_entries_controller_test.rb
View file

@ -590,6 +590,17 @@ class DiaryEntriesControllerTest < ActionDispatch::IntegrationTest
assert_select "li.page-item.disabled span.page-link", :text => "Newer Entries", :count => 1 assert_select "li.page-item.disabled span.page-link", :text => "Newer Entries", :count => 1
end end
def test_index_invalid_paged
# Try some invalid paged accesses
%w[-1 0 fred].each do |id|
get diary_entries_path(:before => id)
assert_redirected_to :controller => :errors, :action => :bad_request
get diary_entries_path(:after => id)
assert_redirected_to :controller => :errors, :action => :bad_request
end
end
def test_rss def test_rss
create(:language, :code => "de") create(:language, :code => "de")
create(:diary_entry, :language_code => "en") create(:diary_entry, :language_code => "en")
@ -899,6 +910,18 @@ class DiaryEntriesControllerTest < ActionDispatch::IntegrationTest
assert_response :not_found assert_response :not_found
end end
def test_comments_invalid_paged
user = create(:user)
%w[-1 0 fred].each do |id|
get diary_comments_path(:display_name => user.display_name, :before => id)
assert_redirected_to :controller => :errors, :action => :bad_request
get diary_comments_path(:display_name => user.display_name, :after => id)
assert_redirected_to :controller => :errors, :action => :bad_request
end
end
def test_subscribe_page def test_subscribe_page
user = create(:user) user = create(:user)
other_user = create(:user) other_user = create(:user)

11
test/controllers/traces_controller_test.rb
View file

@ -322,6 +322,17 @@ class TracesControllerTest < ActionDispatch::IntegrationTest
assert_select "li.page-item a.page-link", :text => "Older Traces", :count => 2 assert_select "li.page-item a.page-link", :text => "Older Traces", :count => 2
end end
def test_index_invalid_paged
# Try some invalid paged accesses
%w[-1 0 fred].each do |id|
get traces_path(:before => id)
assert_redirected_to :controller => :errors, :action => :bad_request
get traces_path(:after => id)
assert_redirected_to :controller => :errors, :action => :bad_request
end
end
# Check the RSS feed # Check the RSS feed
def test_rss def test_rss
user = create(:user) user = create(:user)

40
test/controllers/user_blocks_controller_test.rb
View file

@ -115,6 +115,18 @@ class UserBlocksControllerTest < ActionDispatch::IntegrationTest
check_no_page_link "Older Blocks" check_no_page_link "Older Blocks"
end end
##
# test the index action with invalid pages
def test_index_invalid_paged
%w[-1 0 fred].each do |id|
get user_blocks_path(:before => id)
assert_redirected_to :controller => :errors, :action => :bad_request
get user_blocks_path(:after => id)
assert_redirected_to :controller => :errors, :action => :bad_request
end
end
## ##
# test the show action # test the show action
def test_show def test_show
@ -560,6 +572,20 @@ class UserBlocksControllerTest < ActionDispatch::IntegrationTest
check_no_page_link "Older Blocks" check_no_page_link "Older Blocks"
end end
##
# test the blocks_on action with invalid pages
def test_blocks_on_invalid_paged
user = create(:user)
%w[-1 0 fred].each do |id|
get user_blocks_on_path(user, :before => id)
assert_redirected_to :controller => :errors, :action => :bad_request
get user_blocks_on_path(user, :after => id)
assert_redirected_to :controller => :errors, :action => :bad_request
end
end
## ##
# test the blocks_by action # test the blocks_by action
def test_blocks_by def test_blocks_by
@ -628,6 +654,20 @@ class UserBlocksControllerTest < ActionDispatch::IntegrationTest
check_no_page_link "Older Blocks" check_no_page_link "Older Blocks"
end end
##
# test the blocks_by action with invalid pages
def test_blocks_by_invalid_paged
user = create(:moderator_user)
%w[-1 0 fred].each do |id|
get user_blocks_by_path(user, :before => id)
assert_redirected_to :controller => :errors, :action => :bad_request
get user_blocks_by_path(user, :after => id)
assert_redirected_to :controller => :errors, :action => :bad_request
end
end
private private
def check_user_blocks_table(user_blocks) def check_user_blocks_table(user_blocks)

12
test/controllers/users_controller_test.rb
View file

@ -668,6 +668,18 @@ class UsersControllerTest < ActionDispatch::IntegrationTest
check_no_page_link "Older Users" check_no_page_link "Older Users"
end end
def test_index_get_invalid_paginated
session_for(create(:administrator_user))
%w[-1 0 fred].each do |id|
get users_path(:before => id)
assert_redirected_to :controller => :errors, :action => :bad_request
get users_path(:after => id)
assert_redirected_to :controller => :errors, :action => :bad_request
end
end
private private
def check_no_page_link(name) def check_no_page_link(name)