aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorthedarkone <nobody>2009-02-24 10:41:45 -0600
committerJoshua Peek <josh@joshpeek.com>2009-02-24 10:41:45 -0600
commit85df4841ddb3db3970fa9e798de698cf6f16752a (patch)
tree9d642c104169388ba86e80c44429885d40afc961
parentb35562f432d0807517a614a540026c2fc557e2ac (diff)
downloadrails-85df4841ddb3db3970fa9e798de698cf6f16752a.tar.gz
rails-85df4841ddb3db3970fa9e798de698cf6f16752a.tar.bz2
rails-85df4841ddb3db3970fa9e798de698cf6f16752a.zip
Template without a known template handler should only be reachable through its exact path. [#2027 state:resolved]
Signed-off-by: Joshua Peek <josh@joshpeek.com>
-rw-r--r--actionpack/lib/action_view/template.rb23
-rw-r--r--actionpack/test/template/render_test.rb10
2 files changed, 25 insertions, 8 deletions
diff --git a/actionpack/lib/action_view/template.rb b/actionpack/lib/action_view/template.rb
index ea838b9b02..0dd3a7e619 100644
--- a/actionpack/lib/action_view/template.rb
+++ b/actionpack/lib/action_view/template.rb
@@ -103,12 +103,12 @@ module ActionView #:nodoc:
@@exempt_from_layout.merge(regexps)
end
- attr_accessor :filename, :load_path, :base_path
+ attr_accessor :template_path, :filename, :load_path, :base_path
attr_accessor :locale, :name, :format, :extension
delegate :to_s, :to => :path
def initialize(template_path, load_path)
- template_path = template_path.dup
+ @template_path = template_path.dup
@load_path, @filename = load_path, File.join(load_path, template_path)
@base_path, @name, @locale, @format, @extension = split(template_path)
@base_path.to_s.gsub!(/\/$/, '') # Push to split method
@@ -119,13 +119,20 @@ module ActionView #:nodoc:
def accessible_paths
paths = []
- paths << path
- paths << path_without_extension
- if multipart?
- formats = format.split(".")
- paths << "#{path_without_format_and_extension}.#{formats.first}"
- paths << "#{path_without_format_and_extension}.#{formats.second}"
+
+ if valid_extension?(extension)
+ paths << path
+ paths << path_without_extension
+ if multipart?
+ formats = format.split(".")
+ paths << "#{path_without_format_and_extension}.#{formats.first}"
+ paths << "#{path_without_format_and_extension}.#{formats.second}"
+ end
+ else
+ # template without explicit template handler should only be reachable through its exact path
+ paths << template_path
end
+
paths
end
diff --git a/actionpack/test/template/render_test.rb b/actionpack/test/template/render_test.rb
index 107c625e32..de7fa3de65 100644
--- a/actionpack/test/template/render_test.rb
+++ b/actionpack/test/template/render_test.rb
@@ -224,6 +224,16 @@ module RenderTestCases
assert_equal 'source: Hello, <%= name %>!; locals: {:name=>"Josh"}', @view.render(:inline => "Hello, <%= name %>!", :locals => { :name => "Josh" }, :type => :foo)
end
+ def test_render_ignores_templates_with_malformed_template_handlers
+ %w(malformed malformed.erb malformed.html.erb malformed.en.html.erb).each do |name|
+ assert_raise(ActionView::MissingTemplate) { @view.render(:file => "test/malformed/#{name}") }
+ end
+ end
+
+ def test_template_with_malformed_template_handler_is_reachable_trough_its_exact_filename
+ assert_equal "Don't render me!", @view.render(:file => 'test/malformed/malformed.html.erb~')
+ end
+
def test_render_with_layout
assert_equal %(<title></title>\nHello world!\n),
@view.render(:file => "test/hello_world.erb", :layout => "layouts/yield")