Merge remote-tracking branch 'upstream/bug13327-invalid-comment-urls'
commit
f0cea65bc2
@ -4,6 +4,10 @@ Changelog
|
|||||||
2.2.1 (unreleased)
|
2.2.1 (unreleased)
|
||||||
------------------
|
------------------
|
||||||
|
|
||||||
|
- Make conversation view not break when comment-id cannot be converted to long.
|
||||||
|
Fixes #13327
|
||||||
|
[khink]
|
||||||
|
|
||||||
- fix insufficient privileges when trying to view
|
- fix insufficient privileges when trying to view
|
||||||
the RSS feed of a comment collection
|
the RSS feed of a comment collection
|
||||||
[maartenkling]
|
[maartenkling]
|
||||||
|
@ -210,7 +210,11 @@ class Conversation(Traversable, Persistent, Explicit):
|
|||||||
def __getitem__(self, key):
|
def __getitem__(self, key):
|
||||||
"""Get an item by its long key
|
"""Get an item by its long key
|
||||||
"""
|
"""
|
||||||
return self._comments[long(key)].__of__(self)
|
try:
|
||||||
|
comment_id = long(key)
|
||||||
|
except ValueError:
|
||||||
|
return
|
||||||
|
return self._comments[comment_id].__of__(self)
|
||||||
|
|
||||||
def __delitem__(self, key, suppress_container_modified=False):
|
def __delitem__(self, key, suppress_container_modified=False):
|
||||||
"""Delete an item by its long key
|
"""Delete an item by its long key
|
||||||
|
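Review bot: The bare `return` in the new `except ValueError:` branch of `__getitem__` makes a subscript lookup yield `None` for a malformed key, while a well-formed id that is absent still raises `KeyError` from `self._comments[comment_id]`, so a key taken from the request URL now has two different not-found signals. Raising instead, `except (ValueError, TypeError): raise KeyError(key)`, keeps the mapping contract and also covers a key that `long()` rejects with `TypeError`. How traversal treats `None` versus `KeyError` is not visible on this page, so the 404 asserted by the new functional test should be re-run against that change. `__delitem__` just below is documented as taking the same long key and its body is outside the hunk, so it is worth checking whether it converts the key the same unguarded way.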
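--- a/plone/app/discussion/tests/functional_test_comment_url.txt
+++ b/plone/app/discussion/tests/functional_test_comment_url.txt
@@ -0,0 +1,70 @@
+===================================
+Dealing with faulty comment links
+===================================
+
+Make sure that calling specially crafted URLs doesn't break the conversation
+view.
+
+See also https://dev.plone.org/ticket/13327
+
+
+Setting up and logging in
+=========================
+
+First we have to set up some things and login.
+
+>>> app = layer['app']
+>>> from plone.testing.z2 import Browser
+>>> browser = Browser(app)
+>>> browser.addHeader('Authorization', 'Basic admin:secret')
+>>> portal = layer['portal']
+>>> portal_url = 'http://nohost/plone'
+
+As we're expecting to see 404s, the test should not break on HTTP errors.
+
+>>> browser.raiseHttpErrors = False
+
+Enable commenting.
+
+>>> from zope.component import queryUtility
+>>> from plone.registry.interfaces import IRegistry
+>>> from plone.app.discussion.interfaces import IDiscussionSettings
+>>> registry = queryUtility(IRegistry)
+>>> settings = registry.forInterface(IDiscussionSettings)
+>>> settings.globally_enabled = True
+
+Create a public page with comments allowed.
+
+>>> browser.open(portal_url)
+>>> browser.getLink(id='document').click()
+>>> browser.getControl(name='title').value = "Doc1"
+>>> browser.getControl(name='allowDiscussion:boolean').value = True
+>>> browser.getControl(name='form.button.save').click()
+>>> urldoc1 = browser.url
+
+Check that the form has been properly submitted
+
+>>> browser.url
+'http://nohost/plone/doc1'
+
+
+Checking invalid comment links
+==============================
+
+URL has invalid comment id
+--------------------------
+
+Test a URL with a comment id that cannot be converted to long integer.
+
+>>> url_invalid_comment_id = "%s/++conversation++default/ThisCantBeRight" % urldoc1
+>>> browser.open(url_invalid_comment_id)
+
+We should not get an error,
+
+>>> "500 Internal Server Error" in str(browser.headers)
+False
+
+but we should get a 404:
+
+>>> "404 Not Found" in str(browser.headers)
+True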
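Review bot: The doctest exercises only a non-numeric comment id (`ThisCantBeRight`), so the other not-found path through the same `__getitem__`, a well-formed numeric id with no matching comment, has no regression check. A second case under "Checking invalid comment links" would pin both paths to a 404, for example `>>> browser.open("%s/++conversation++default/12345" % urldoc1)` (the id is a constructed sample) followed by the same `"500 Internal Server Error"` and `"404 Not Found"` checks against `str(browser.headers)`. A short sentence above the new case stating that the id is numeric but unused would keep the narrative of the file readable.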
@ -20,7 +20,8 @@ optionflags = (
|
|||||||
doctest.REPORT_ONLY_FIRST_FAILURE)
|
doctest.REPORT_ONLY_FIRST_FAILURE)
|
||||||
normal_testfiles = [
|
normal_testfiles = [
|
||||||
'functional_test_comments.txt',
|
'functional_test_comments.txt',
|
||||||
'functional_test_comment_review_workflow.txt'
|
'functional_test_comment_review_workflow.txt',
|
||||||
|
'functional_test_comment_url.txt',
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
||||||
|