ActionItem192: filtering html input user from consumption products

git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@1676 3f533792-8f58-4932-b0fe-aaf55b0a4547

ActionItem192: filtering html input user from consumption products
git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@1676 3f533792-8f58-4932-b0fe-aaf55b0a4547
JoenioCosta
1 parent 2cbbe257
Showing 3 changed files with 56 additions and 5 deletions Show diff stats
app/controllers/my_profile/consumed_products_controller.rb
app/views/consumed_products/new.rhtml
test/functional/consumed_products_controller_test.rb
@@ -27,7 +27,17 @@ class ConsumedProductsController &lt; ApplicationController
     else
       flash[:notice] = _('Could not remove the product')
     end
-      redirect_back_or_default :action => 'index'
+    redirect_back_or_default :action => 'index'
+  end
+
+  private
+  
+  require 'erb'
+  include ERB::Util
+  def sanitize
+    if params[:consumption]
+      params[:consumption][:aditional_specifications] = html_escape(params[:consumption][:aditional_specifications]) if params[:consumption][:aditional_specifications]
+    end
   end
 end
-<h2> <%= _('Add product') %> </h2>
+<h2><%= _('Add product') %></h2>
 <%= error_messages_for :consumption  %>
@@ -5,14 +5,55 @@ require &#39;consumed_products_controller&#39;
 class ConsumedProductsController; def rescue_action(e) raise e end; end
 class ConsumedProductsControllerTest < Test::Unit::TestCase
+
+  all_fixtures
+
   def setup
     @controller = ConsumedProductsController.new
     @request    = ActionController::TestRequest.new
     @response   = ActionController::TestResponse.new
+
+    @profile = create_user('testinguser').person
+  end
+  attr_reader :profile
+
+  should 'display new form' do
+    login_as(profile.identifier)
+    get :new, :profile => profile.identifier
+    assert_tag :tag => 'h2', :content => 'Add product'
+  end
+
+  should 'create product' do
+    login_as(profile.identifier)
+    product_category = ProductCategory.create!(:name => 'Food', :environment => Environment.default)
+    assert_difference Consumption, :count do
+      post :new, :profile => profile.identifier, :consumption => { :product_category_id => product_category.id }
+    end
+  end
+
+  should 'display list of products' do
+    login_as(profile.identifier)
+    product_category = ProductCategory.create!(:name => 'Food', :environment => Environment.default)
+    profile.consumptions.create!(:product_category_id => product_category.id, :aditional_specifications => 'extra info')
+    get :index, :profile => profile.identifier
+    assert_tag :tag => 'pre', :content => 'extra info'
+  end
+
+  should 'filter html from specifications' do
+    login_as(profile.identifier)
+    product_category = ProductCategory.create!(:name => 'Food', :environment => Environment.default)
+    post :new, :profile => profile.identifier,
+      :consumption => { :product_category_id => product_category.id, :aditional_specifications => 'extra <b>info</b>' }
+    assert_not_equal assigns(:consumption).aditional_specifications, 'extra <b>info</b>'
   end
-  # Replace this with your real tests.
-  def test_truth
-    assert true
+  should 'destroy product' do
+    login_as(profile.identifier)
+    product_category = ProductCategory.create!(:name => 'Food', :environment => Environment.default)
+    product = profile.consumptions.create!(:product_category_id => product_category.id, :aditional_specifications => 'extra info')
+    assert_difference Consumption, :count, -1 do
+      post :destroy, :profile => profile.identifier, :id => product.id
+    end
   end
+  
 end
	@@ -27,7 +27,17 @@ class ConsumedProductsController < ApplicationController		@@ -27,7 +27,17 @@ class ConsumedProductsController < ApplicationController
27	else	27	else
28	flash[:notice] = _('Could not remove the product')	28	flash[:notice] = _('Could not remove the product')
29	end	29	end
30	- redirect_back_or_default :action => 'index'	30	+ redirect_back_or_default :action => 'index'
		31	+ end
		32	+
		33	+ private
		34	+
		35	+ require 'erb'
		36	+ include ERB::Util
		37	+ def sanitize
		38	+ if params[:consumption]
		39	+ params[:consumption][:aditional_specifications] = html_escape(params[:consumption][:aditional_specifications]) if params[:consumption][:aditional_specifications]
		40	+ end
31	end	41	end
32		42
33	end	43	end
1	-<h2> <%= _('Add product') %> </h2>	1	+<h2><%= _('Add product') %></h2>
2		2
3	<%= error_messages_for :consumption %>	3	<%= error_messages_for :consumption %>
4		4
	@@ -5,14 +5,55 @@ require 'consumed_products_controller'		@@ -5,14 +5,55 @@ require 'consumed_products_controller'
5	class ConsumedProductsController; def rescue_action(e) raise e end; end	5	class ConsumedProductsController; def rescue_action(e) raise e end; end
6		6
7	class ConsumedProductsControllerTest < Test::Unit::TestCase	7	class ConsumedProductsControllerTest < Test::Unit::TestCase
		8	+
		9	+ all_fixtures
		10	+
8	def setup	11	def setup
9	@controller = ConsumedProductsController.new	12	@controller = ConsumedProductsController.new
10	@request = ActionController::TestRequest.new	13	@request = ActionController::TestRequest.new
11	@response = ActionController::TestResponse.new	14	@response = ActionController::TestResponse.new
		15	+
		16	+ @profile = create_user('testinguser').person
		17	+ end
		18	+ attr_reader :profile
		19	+
		20	+ should 'display new form' do
		21	+ login_as(profile.identifier)
		22	+ get :new, :profile => profile.identifier
		23	+ assert_tag :tag => 'h2', :content => 'Add product'
		24	+ end
		25	+
		26	+ should 'create product' do
		27	+ login_as(profile.identifier)
		28	+ product_category = ProductCategory.create!(:name => 'Food', :environment => Environment.default)
		29	+ assert_difference Consumption, :count do
		30	+ post :new, :profile => profile.identifier, :consumption => { :product_category_id => product_category.id }
		31	+ end
		32	+ end
		33	+
		34	+ should 'display list of products' do
		35	+ login_as(profile.identifier)
		36	+ product_category = ProductCategory.create!(:name => 'Food', :environment => Environment.default)
		37	+ profile.consumptions.create!(:product_category_id => product_category.id, :aditional_specifications => 'extra info')
		38	+ get :index, :profile => profile.identifier
		39	+ assert_tag :tag => 'pre', :content => 'extra info'
		40	+ end
		41	+
		42	+ should 'filter html from specifications' do
		43	+ login_as(profile.identifier)
		44	+ product_category = ProductCategory.create!(:name => 'Food', :environment => Environment.default)
		45	+ post :new, :profile => profile.identifier,
		46	+ :consumption => { :product_category_id => product_category.id, :aditional_specifications => 'extra <b>info</b>' }
		47	+ assert_not_equal assigns(:consumption).aditional_specifications, 'extra <b>info</b>'
12	end	48	end
13		49
14	- # Replace this with your real tests.
15	- def test_truth
16	- assert true	50	+ should 'destroy product' do
		51	+ login_as(profile.identifier)
		52	+ product_category = ProductCategory.create!(:name => 'Food', :environment => Environment.default)
		53	+ product = profile.consumptions.create!(:product_category_id => product_category.id, :aditional_specifications => 'extra info')
		54	+ assert_difference Consumption, :count, -1 do
		55	+ post :destroy, :profile => profile.identifier, :id => product.id
		56	+ end
17	end	57	end
		58	+
18	end	59	end