Commit 4775d93a040a715ec8d3af6a5650a065ea77eca6

Authored by JoenioCosta
1 parent 2cbbe257

ActionItem192: filtering HTML from user input in consumption products

git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@1676 3f533792-8f58-4932-b0fe-aaf55b0a4547
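--- a/app/controllers/my_profile/consumed_products_controller.rb
+++ b/app/controllers/my_profile/consumed_products_controller.rb
@@ -27,7 +27,17 @@ class ConsumedProductsController < ApplicationController
 else
 flash[:notice] = _('Could not remove the product')
 end
-redirect_back_or_default :action => 'index'
+redirect_back_or_default :action => 'index'
+end
+
+private
+
+require 'erb'
+include ERB::Util
+def sanitize
+if params[:consumption]
+params[:consumption][:aditional_specifications] = html_escape(params[:consumption][:aditional_specifications]) if params[:consumption][:aditional_specifications]
+end
 end
 
 end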
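Review bot: The new `sanitize` method escapes at input time and only for `params[:consumption][:aditional_specifications]`, so protection depends on this single filter being invoked on every write path; whether it is wired up (e.g. `before_filter :sanitize, :only => [:new]`) is not visible in this hunk because the controller's header, and the action whose `else` branch opens the hunk, lie outside it. Storing entity-encoded text is also the unusual layer for this: the Rails convention is to keep the raw value and escape at render time with `h` in the view, which avoids double escaping if the index view already uses `h` and keeps other attributes covered when the next view is added. If input-side escaping is kept on purpose, say so on the method, e.g. `# Entity-encodes aditional_specifications before save; views must not h() it again or the entities render literally.` Separately, `require 'erb'` and `include ERB::Util` placed under `private` are unaffected by it and read as if they were; move them to the top of the class, or drop them if `ApplicationController` already provides `html_escape` (not verifiable from this hunk).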
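--- a/app/views/consumed_products/new.rhtml
+++ b/app/views/consumed_products/new.rhtml
@@ -1,4 +1,4 @@
-<h2> <%= _('Add product') %> </h2>
+<h2><%= _('Add product') %></h2>
 
 <%= error_messages_for :consumption %>
 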
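--- a/test/functional/consumed_products_controller_test.rb
+++ b/test/functional/consumed_products_controller_test.rb
@@ -5,14 +5,55 @@ require 'consumed_products_controller'
 class ConsumedProductsController; def rescue_action(e) raise e end; end
 
 class ConsumedProductsControllerTest < Test::Unit::TestCase
+
+all_fixtures
+
 def setup
 @controller = ConsumedProductsController.new
 @request = ActionController::TestRequest.new
 @response = ActionController::TestResponse.new
+
+@profile = create_user('testinguser').person
+end
+attr_reader :profile
+
+should 'display new form' do
+login_as(profile.identifier)
+get :new, :profile => profile.identifier
+assert_tag :tag => 'h2', :content => 'Add product'
+end
+
+should 'create product' do
+login_as(profile.identifier)
+product_category = ProductCategory.create!(:name => 'Food', :environment => Environment.default)
+assert_difference Consumption, :count do
+post :new, :profile => profile.identifier, :consumption => { :product_category_id => product_category.id }
+end
+end
+
+should 'display list of products' do
+login_as(profile.identifier)
+product_category = ProductCategory.create!(:name => 'Food', :environment => Environment.default)
+profile.consumptions.create!(:product_category_id => product_category.id, :aditional_specifications => 'extra info')
+get :index, :profile => profile.identifier
+assert_tag :tag => 'pre', :content => 'extra info'
+end
+
+should 'filter html from specifications' do
+login_as(profile.identifier)
+product_category = ProductCategory.create!(:name => 'Food', :environment => Environment.default)
+post :new, :profile => profile.identifier,
+:consumption => { :product_category_id => product_category.id, :aditional_specifications => 'extra <b>info</b>' }
+assert_not_equal assigns(:consumption).aditional_specifications, 'extra <b>info</b>'
 end
 
-# Replace this with your real tests.
-def test_truth
-assert true
+should 'destroy product' do
+login_as(profile.identifier)
+product_category = ProductCategory.create!(:name => 'Food', :environment => Environment.default)
+product = profile.consumptions.create!(:product_category_id => product_category.id, :aditional_specifications => 'extra info')
+assert_difference Consumption, :count, -1 do
+post :destroy, :profile => profile.identifier, :id => product.id
+end
 end
+
 end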
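Review bot: The `filter html from specifications` test only asserts that the stored value differs from the raw input, so any transformation of the string (truncation, stripping, a different escaper) would pass; pin the exact escaped form instead: `assert_equal 'extra &lt;b&gt;info&lt;/b&gt;', assigns(:consumption).aditional_specifications`. A second gap is that `create product` and `destroy product` exercise only the owning profile, so nothing here shows that another logged-in user cannot post to `:destroy` with this product's id; a test that logs in as a second user, posts the same `:destroy`, and asserts `Consumption.count` is unchanged would cover the access check the controller presumably inherits from its profile-scoped base (not visible in this diff). The existing `assert_not_equal` argument order is also reversed relative to the `expected, actual` convention, which makes failure messages misleading.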