Download as
Browse Code »

Commit 4775d93a040a715ec8d3af6a5650a065ea77eca6

Authored by JoenioCosta
1 parent 2cbbe257
Exists in staging and in 42 other branches all_pending_tasks_api, api-articles-period, api_roles, caching-rails4, captcha_serpro_plugin, comments_permissions, content-manager-hostspot, elasticsearch, elasticsearch_api, elasticsearch_categories, elasticsearch_filter, elasticsearch_sort, elasticsearch_to_merge, elasticsearch_view, environment-exposes-api, export-comment-api, export-comment-paragraph, export_data, external_followers, federation-webfinger, federation_followers, federation_followers_backend, federation_oauth_provider, federation_webfinger, fix_event_date_issue, fix_notification_email, fix_string_downcase_and_upcase, follower_permition, json_cookie_serializer, login-captcha, master, master_profile_followers, oauth_external_login, oauth_login, private-scraps, private-scraps-rebase, production, production-vendorized, profile_api_improvements, tasks_keep_filter_params, user_mention, webfinger_server

ActionItem192: filtering html input user from consumption products 

git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@1676 3f533792-8f58-4932-b0fe-aaf55b0a4547
Showing 3 changed files with 56 additions and 5 deletions   Show diff stats
app/controllers/my_profile/consumed_products_controller.rb
  Diff comments   View file @4775d93
... ... @@ -27,7 +27,17 @@ class ConsumedProductsController < ApplicationController
27 27 else
28 28 flash[:notice] = _('Could not remove the product')
29 29 end
30   - redirect_back_or_default :action => 'index'
  30 + redirect_back_or_default :action => 'index'
  31 + end
  32 +
  33 + private
  34 +
  35 + require 'erb'
  36 + include ERB::Util
  37 + def sanitize
  38 + if params[:consumption]
  39 + params[:consumption][:aditional_specifications] = html_escape(params[:consumption][:aditional_specifications]) if params[:consumption][:aditional_specifications]
  40 + end
31 41 end
32 42  
33 43 end
... ...
app/views/consumed_products/new.rhtml
  Diff comments   View file @4775d93
1   -<h2> <%= _('Add product') %> </h2>
  1 +<h2><%= _('Add product') %></h2>
2 2  
3 3 <%= error_messages_for :consumption %>
4 4  
... ...
test/functional/consumed_products_controller_test.rb
  Diff comments   View file @4775d93
... ... @@ -5,14 +5,55 @@ require &#39;consumed_products_controller&#39;
5 5 class ConsumedProductsController; def rescue_action(e) raise e end; end
6 6  
7 7 class ConsumedProductsControllerTest < Test::Unit::TestCase
  8 +
  9 + all_fixtures
  10 +
8 11 def setup
9 12 @controller = ConsumedProductsController.new
10 13 @request = ActionController::TestRequest.new
11 14 @response = ActionController::TestResponse.new
  15 +
  16 + @profile = create_user('testinguser').person
  17 + end
  18 + attr_reader :profile
  19 +
  20 + should 'display new form' do
  21 + login_as(profile.identifier)
  22 + get :new, :profile => profile.identifier
  23 + assert_tag :tag => 'h2', :content => 'Add product'
  24 + end
  25 +
  26 + should 'create product' do
  27 + login_as(profile.identifier)
  28 + product_category = ProductCategory.create!(:name => 'Food', :environment => Environment.default)
  29 + assert_difference Consumption, :count do
  30 + post :new, :profile => profile.identifier, :consumption => { :product_category_id => product_category.id }
  31 + end
  32 + end
  33 +
  34 + should 'display list of products' do
  35 + login_as(profile.identifier)
  36 + product_category = ProductCategory.create!(:name => 'Food', :environment => Environment.default)
  37 + profile.consumptions.create!(:product_category_id => product_category.id, :aditional_specifications => 'extra info')
  38 + get :index, :profile => profile.identifier
  39 + assert_tag :tag => 'pre', :content => 'extra info'
  40 + end
  41 +
  42 + should 'filter html from specifications' do
  43 + login_as(profile.identifier)
  44 + product_category = ProductCategory.create!(:name => 'Food', :environment => Environment.default)
  45 + post :new, :profile => profile.identifier,
  46 + :consumption => { :product_category_id => product_category.id, :aditional_specifications => 'extra <b>info</b>' }
  47 + assert_not_equal assigns(:consumption).aditional_specifications, 'extra <b>info</b>'
12 48 end
13 49  
14   - # Replace this with your real tests.
15   - def test_truth
16   - assert true
  50 + should 'destroy product' do
  51 + login_as(profile.identifier)
  52 + product_category = ProductCategory.create!(:name => 'Food', :environment => Environment.default)
  53 + product = profile.consumptions.create!(:product_category_id => product_category.id, :aditional_specifications => 'extra info')
  54 + assert_difference Consumption, :count, -1 do
  55 + post :destroy, :profile => profile.identifier, :id => product.id
  56 + end
17 57 end
  58 +
18 59 end
... ...