diff options
author | thedarkone <nobody> | 2009-02-24 10:41:45 -0600 |
---|---|---|
committer | Joshua Peek <josh@joshpeek.com> | 2009-02-24 10:41:45 -0600 |
commit | 85df4841ddb3db3970fa9e798de698cf6f16752a (patch) | |
tree | 9d642c104169388ba86e80c44429885d40afc961 | |
parent | b35562f432d0807517a614a540026c2fc557e2ac (diff) | |
download | rails-85df4841ddb3db3970fa9e798de698cf6f16752a.tar.gz rails-85df4841ddb3db3970fa9e798de698cf6f16752a.tar.bz2 rails-85df4841ddb3db3970fa9e798de698cf6f16752a.zip |
Template without a known template handler should only be reachable through its exact path. [#2027 state:resolved]
Signed-off-by: Joshua Peek <josh@joshpeek.com>
-rw-r--r-- | actionpack/lib/action_view/template.rb | 23 | ||||
-rw-r--r-- | actionpack/test/template/render_test.rb | 10 |
2 files changed, 25 insertions, 8 deletions
diff --git a/actionpack/lib/action_view/template.rb b/actionpack/lib/action_view/template.rb index ea838b9b02..0dd3a7e619 100644 --- a/actionpack/lib/action_view/template.rb +++ b/actionpack/lib/action_view/template.rb @@ -103,12 +103,12 @@ module ActionView #:nodoc: @@exempt_from_layout.merge(regexps) end - attr_accessor :filename, :load_path, :base_path + attr_accessor :template_path, :filename, :load_path, :base_path attr_accessor :locale, :name, :format, :extension delegate :to_s, :to => :path def initialize(template_path, load_path) - template_path = template_path.dup + @template_path = template_path.dup @load_path, @filename = load_path, File.join(load_path, template_path) @base_path, @name, @locale, @format, @extension = split(template_path) @base_path.to_s.gsub!(/\/$/, '') # Push to split method @@ -119,13 +119,20 @@ module ActionView #:nodoc: def accessible_paths paths = [] - paths << path - paths << path_without_extension - if multipart? - formats = format.split(".") - paths << "#{path_without_format_and_extension}.#{formats.first}" - paths << "#{path_without_format_and_extension}.#{formats.second}" + + if valid_extension?(extension) + paths << path + paths << path_without_extension + if multipart? + formats = format.split(".") + paths << "#{path_without_format_and_extension}.#{formats.first}" + paths << "#{path_without_format_and_extension}.#{formats.second}" + end + else + # template without explicit template handler should only be reachable through its exact path + paths << template_path end + paths end diff --git a/actionpack/test/template/render_test.rb b/actionpack/test/template/render_test.rb index 107c625e32..de7fa3de65 100644 --- a/actionpack/test/template/render_test.rb +++ b/actionpack/test/template/render_test.rb @@ -224,6 +224,16 @@ module RenderTestCases assert_equal 'source: Hello, <%= name %>!; locals: {:name=>"Josh"}', @view.render(:inline => "Hello, <%= name %>!", :locals => { :name => "Josh" }, :type => :foo) end + def test_render_ignores_templates_with_malformed_template_handlers + %w(malformed malformed.erb malformed.html.erb malformed.en.html.erb).each do |name| + assert_raise(ActionView::MissingTemplate) { @view.render(:file => "test/malformed/#{name}") } + end + end + + def test_template_with_malformed_template_handler_is_reachable_trough_its_exact_filename + assert_equal "Don't render me!", @view.render(:file => 'test/malformed/malformed.html.erb~') + end + def test_render_with_layout assert_equal %(<title></title>\nHello world!\n), @view.render(:file => "test/hello_world.erb", :layout => "layouts/yield") |