Don't allow directory listings (better fix for and closes #340).

author: Seb Bacon <seb.bacon@gmail.com> 2012-01-17 13:31:22 +0000
committer: Seb Bacon <seb.bacon@gmail.com> 2012-01-17 13:31:22 +0000
commit: 3affd6ab3d29bf2e86c9d4b00733499d060af20c (patch)
tree: 7f924c0c3e0322700b0d97b575ffb60337e975ea /spec/integration/errors_spec.rb
parent: ba7310b580b2b03068568497c02eae7cbcd2d901 (diff)
1 files changed, 6 insertions, 3 deletions
diff --git a/spec/integration/errors_spec.rb b/spec/integration/errors_spec.rb
index 705c1fff8..d03323445 100644
--- a/spec/integration/errors_spec.rb
+++ b/spec/integration/errors_spec.rb
@@ -46,10 +46,13 @@ describe "When rendering errors" do
         response.code.should == "500"
     end
     it "should render a 403 for attempts at directory listing for attachments" do
-        get("/request/5/response/4/attach/html/3/" )
-        response.code.should == "403"
-        get("/request/5/response/4/attach/html" )
+        # make a fake cache
+        foi_cache_path = File.join(File.dirname(__FILE__), '../../cache')
+        FileUtils.mkdir_p(File.join(foi_cache_path, "views/en/request/101/101/response/1/attach/html/1"))
+        get("/request/101/response/1/attach/html/1/" )
         response.code.should == "403"
+        get("/request/101/response/1/attach/html" )
+        response.code.should == "403" 
     end
     it "should render a 404 for non-existent 'details' pages for requests" do
         get("/details/request/wobble" )
author	Seb Bacon <seb.bacon@gmail.com>	2012-01-17 13:31:22 +0000
committer	Seb Bacon <seb.bacon@gmail.com>	2012-01-17 13:31:22 +0000
commit	3affd6ab3d29bf2e86c9d4b00733499d060af20c (patch)
tree	7f924c0c3e0322700b0d97b575ffb60337e975ea /spec/integration/errors_spec.rb
parent	ba7310b580b2b03068568497c02eae7cbcd2d901 (diff)