Commit 19204483 authored by jplang's avatar jplang
Browse files

Fixed: submitting a non numerical parent task input creates a 500 error (#6932).

git-svn-id: https://svn.redmine.org/redmine/trunk@4414 e93f8b46-1217-0410-a6f0-8f06a7374b81
parent 6add6903
......@@ -276,7 +276,7 @@ class Issue < ActiveRecord::Base
if !user.allowed_to?(:manage_subtasks, project)
attrs.delete('parent_issue_id')
elsif !attrs['parent_issue_id'].blank?
attrs.delete('parent_issue_id') unless Issue.visible(user).exists?(attrs['parent_issue_id'])
attrs.delete('parent_issue_id') unless Issue.visible(user).exists?(attrs['parent_issue_id'].to_i)
end
end
......
......@@ -525,6 +525,20 @@ class IssuesControllerTest < ActionController::TestCase
assert_not_nil issue
assert_equal Issue.find(2), issue.parent
end
def test_post_create_subissue_with_non_numeric_parent_id
@request.session[:user_id] = 2
assert_difference 'Issue.count' do
post :create, :project_id => 1,
:issue => {:tracker_id => 1,
:subject => 'This is a child issue',
:parent_issue_id => 'ABC'}
end
issue = Issue.find_by_subject('This is a child issue')
assert_not_nil issue
assert_nil issue.parent
end
def test_post_create_should_send_a_notification
ActionMailer::Base.deliveries.clear
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment