From 4775d93a040a715ec8d3af6a5650a065ea77eca6 Mon Sep 17 00:00:00 2001
From: JoenioCosta
Date: Tue, 22 Apr 2008 18:40:17 +0000
Subject: [PATCH] ActionItem192: filtering html input user from consumption products
---
 app/controllers/my_profile/consumed_products_controller.rb | 12 +++++++++++-
 app/views/consumed_products/new.rhtml | 2 +-
 test/functional/consumed_products_controller_test.rb | 47 ++++++++++++++++++++++++++++++++++++++++++++---
 3 files changed, 56 insertions(+), 5 deletions(-)
diff --git a/app/controllers/my_profile/consumed_products_controller.rb b/app/controllers/my_profile/consumed_products_controller.rb
index 0273b95..4652cfc 100644
--- a/app/controllers/my_profile/consumed_products_controller.rb
+++ b/app/controllers/my_profile/consumed_products_controller.rb
@@ -27,7 +27,17 @@ class ConsumedProductsController < ApplicationController
 else
 flash[:notice] = _('Could not remove the product')
 end
- redirect_back_or_default :action => 'index'
+ redirect_back_or_default :action => 'index'
+ end
+
+ private
+
+ require 'erb'
+ include ERB::Util
+ def sanitize
+ if params[:consumption]
+ params[:consumption][:aditional_specifications] = html_escape(params[:consumption][:aditional_specifications]) if params[:consumption][:aditional_specifications]
+ end
 end
 end
diff --git a/app/views/consumed_products/new.rhtml b/app/views/consumed_products/new.rhtml
index d251b9c..d3131d2 100644
--- a/app/views/consumed_products/new.rhtml
+++ b/app/views/consumed_products/new.rhtml
@@ -1,4 +1,4 @@
-
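Review bot: `sanitize` escapes `aditional_specifications` before it is saved, so what ends up stored is HTML-escaped text rather than what the user typed; the usual Rails place for this is render time (`h(...)` around the value where the `<pre>` is built in the index view), which keeps the data intact and avoids double-escaping once output escaping is applied there. Nothing in this hunk registers the method, so it only runs if a `before_filter :sanitize` sits above line 27 — the class header is outside the hunk — and if it is missing, the new `filter html` test is the only thing that will notice. `require 'erb'` and `include ERB::Util` are placed after `private`, which does not affect either of them but reads as if it did; move them to the top of the class (the `require` is very likely redundant, since ActionView already depends on ERB). The two nested conditions can collapse into one guard: `spec = params[:consumption] && params[:consumption][:aditional_specifications]` followed by `params[:consumption][:aditional_specifications] = html_escape(spec) if spec`.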

<%= _('Add product') %>

+

<%= _('Add product') %>

<%= error_messages_for :consumption %>
diff --git a/test/functional/consumed_products_controller_test.rb b/test/functional/consumed_products_controller_test.rb
index d7e76fb..6afed4c 100644
--- a/test/functional/consumed_products_controller_test.rb
+++ b/test/functional/consumed_products_controller_test.rb
@@ -5,14 +5,55 @@ require 'consumed_products_controller'
 class ConsumedProductsController; def rescue_action(e) raise e end; end
 class ConsumedProductsControllerTest < Test::Unit::TestCase
+
+ all_fixtures
+
 def setup
 @controller = ConsumedProductsController.new
 @request = ActionController::TestRequest.new
 @response = ActionController::TestResponse.new
+
+ @profile = create_user('testinguser').person
+ end
+ attr_reader :profile
+
+ should 'display new form' do
+ login_as(profile.identifier)
+ get :new, :profile => profile.identifier
+ assert_tag :tag => 'h2', :content => 'Add product'
+ end
+
+ should 'create product' do
+ login_as(profile.identifier)
+ product_category = ProductCategory.create!(:name => 'Food', :environment => Environment.default)
+ assert_difference Consumption, :count do
+ post :new, :profile => profile.identifier, :consumption => { :product_category_id => product_category.id }
+ end
+ end
+
+ should 'display list of products' do
+ login_as(profile.identifier)
+ product_category = ProductCategory.create!(:name => 'Food', :environment => Environment.default)
+ profile.consumptions.create!(:product_category_id => product_category.id, :aditional_specifications => 'extra info')
+ get :index, :profile => profile.identifier
+ assert_tag :tag => 'pre', :content => 'extra info'
+ end
+
+ should 'filter html from specifications' do
+ login_as(profile.identifier)
+ product_category = ProductCategory.create!(:name => 'Food', :environment => Environment.default)
+ post :new, :profile => profile.identifier,
+ :consumption => { :product_category_id => product_category.id, :aditional_specifications => 'extra info' }
+ assert_not_equal assigns(:consumption).aditional_specifications, 'extra info'
 end
- # Replace this with your real tests.
- def test_truth
- assert true
+ should 'destroy product' do
+ login_as(profile.identifier)
+ product_category = ProductCategory.create!(:name => 'Food', :environment => Environment.default)
+ product = profile.consumptions.create!(:product_category_id => product_category.id, :aditional_specifications => 'extra info')
+ assert_difference Consumption, :count, -1 do
+ post :destroy, :profile => profile.identifier, :id => product.id
+ end
 end
+
 end
-- 
libgit2 0.21.2
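Review bot: The `filter html from specifications` test only asserts that the stored value differs from what was posted (`assert_not_equal`), so any transformation at all passes and the test never shows that HTML escaping is what happened; pin the exact result instead, `assert_equal '<ESCAPED-FORM-OF-POSTED-VALUE>', assigns(:consumption).aditional_specifications` (placeholder: the `html_escape` output of the markup the test posts). As printed here the posted value `'extra info'` contains no markup — this rendering appears to have dropped HTML tags elsewhere in the patch too — and if that is really what the test sends, `html_escape` returns it unchanged and the assertion fails. The arguments to `assert_not_equal` are also reversed against Test::Unit's (expected, actual) order, which only changes the failure message but is worth fixing while the line is touched. `display list of products` already checks the `<pre>` content, so posting a value with markup there would cover the rendering path as well.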