Merge remote-tracking branch 'upstream/bug13327-invalid-comment-urls'
This commit is contained in:
commit
f0cea65bc2
@ -4,6 +4,10 @@ Changelog
|
||||
2.2.1 (unreleased)
|
||||
------------------
|
||||
|
||||
- Make conversation view not break when comment-id cannot be converted to long.
|
||||
Fixes #13327
|
||||
[khink]
|
||||
|
||||
- fix insufficient privileges when trying to view
|
||||
the RSS feed of a comment collection
|
||||
[maartenkling]
|
||||
|
@ -210,7 +210,11 @@ class Conversation(Traversable, Persistent, Explicit):
|
||||
def __getitem__(self, key):
|
||||
"""Get an item by its long key
|
||||
"""
|
||||
return self._comments[long(key)].__of__(self)
|
||||
try:
|
||||
comment_id = long(key)
|
||||
except ValueError:
|
||||
return
|
||||
return self._comments[comment_id].__of__(self)
|
||||
|
||||
def __delitem__(self, key, suppress_container_modified=False):
|
||||
"""Delete an item by its long key
|
||||
|
70
plone/app/discussion/tests/functional_test_comment_url.txt
Normal file
70
plone/app/discussion/tests/functional_test_comment_url.txt
Normal file
@ -0,0 +1,70 @@
|
||||
===================================
|
||||
Dealing with faulty comment links
|
||||
===================================
|
||||
|
||||
Make sure that calling specially crafted URLs doesn't break the conversation
|
||||
view.
|
||||
|
||||
See also https://dev.plone.org/ticket/13327
|
||||
|
||||
|
||||
Setting up and logging in
|
||||
=========================
|
||||
|
||||
First we have to set up some things and login.
|
||||
|
||||
>>> app = layer['app']
|
||||
>>> from plone.testing.z2 import Browser
|
||||
>>> browser = Browser(app)
|
||||
>>> browser.addHeader('Authorization', 'Basic admin:secret')
|
||||
>>> portal = layer['portal']
|
||||
>>> portal_url = 'http://nohost/plone'
|
||||
|
||||
As we're expecting to see 404s, the test should not break on HTTP errors.
|
||||
|
||||
>>> browser.raiseHttpErrors = False
|
||||
|
||||
Enable commenting.
|
||||
|
||||
>>> from zope.component import queryUtility
|
||||
>>> from plone.registry.interfaces import IRegistry
|
||||
>>> from plone.app.discussion.interfaces import IDiscussionSettings
|
||||
>>> registry = queryUtility(IRegistry)
|
||||
>>> settings = registry.forInterface(IDiscussionSettings)
|
||||
>>> settings.globally_enabled = True
|
||||
|
||||
Create a public page with comments allowed.
|
||||
|
||||
>>> browser.open(portal_url)
|
||||
>>> browser.getLink(id='document').click()
|
||||
>>> browser.getControl(name='title').value = "Doc1"
|
||||
>>> browser.getControl(name='allowDiscussion:boolean').value = True
|
||||
>>> browser.getControl(name='form.button.save').click()
|
||||
>>> urldoc1 = browser.url
|
||||
|
||||
Check that the form has been properly submitted
|
||||
|
||||
>>> browser.url
|
||||
'http://nohost/plone/doc1'
|
||||
|
||||
|
||||
Checking invalid comment links
|
||||
==============================
|
||||
|
||||
URL has invalid comment id
|
||||
--------------------------
|
||||
|
||||
Test a URL with a comment id that cannot be converted to long integer.
|
||||
|
||||
>>> url_invalid_comment_id = "%s/++conversation++default/ThisCantBeRight" % urldoc1
|
||||
>>> browser.open(url_invalid_comment_id)
|
||||
|
||||
We should not get an error,
|
||||
|
||||
>>> "500 Internal Server Error" in str(browser.headers)
|
||||
False
|
||||
|
||||
but we should get a 404:
|
||||
|
||||
>>> "404 Not Found" in str(browser.headers)
|
||||
True
|
@ -20,7 +20,8 @@ optionflags = (
|
||||
doctest.REPORT_ONLY_FIRST_FAILURE)
|
||||
normal_testfiles = [
|
||||
'functional_test_comments.txt',
|
||||
'functional_test_comment_review_workflow.txt'
|
||||
'functional_test_comment_review_workflow.txt',
|
||||
'functional_test_comment_url.txt',
|
||||
]
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user