-rw-r--r--app/controllers/application_controller.rb10
-rw-r--r--spec/integration/errors_spec.rb7
2 files changed, 17 insertions, 0 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 370e8e15c..410778d9a 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -131,6 +131,7 @@ class ApplicationController < ActionController::Base
case exception
when ActiveRecord::RecordNotFound, RouteNotFound
@status = 404
+ sanitize_path(params)
when PermissionDenied
@status = 403
else
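Review bot: The `sanitize_path(params)` call sits only in the 404 branch, so the `PermissionDenied` and `else` branches leave `params[:path]` exactly as the client sent it. If the exception template or any error reporting reads `params[:path]` for those statuses as well, the same undecodable byte sequence could make the error handler itself fail there. Consider moving the call ahead of the `case`, i.e. `sanitize_path(params)` on the line before `case exception`. The enclosing method begins and ends outside this hunk, so what later code reads from `params` is not visible here.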
@@ -441,6 +442,15 @@ class ApplicationController < ActionController::Base
`git log -1 --format="%H"`.strip
end
+ # URL Encode the path parameter for use in render_exception
+ #
+ # params - the params Hash
+ #
+ # Returns a Hash
+ def sanitize_path(params)
+ params.merge!(:path => Rack::Utils.escape(params[:path])) if params.key?(:path)
+ end
+
# URL generating functions are needed by all controllers (for redirects),
# views (for links) and mailers (for use in emails), so include them into
# all of all.
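Review bot: The comment on `sanitize_path` says it returns a Hash, but the trailing `if params.key?(:path)` makes it return nil when there is no `:path` key. The comment also does not mention that `merge!` rewrites the request's `params` in place. Anything that reads `params[:path]` afterwards gets the percent-encoded form, so a later redirect or link built from it would be encoded twice. I would document it as `# Percent-encodes params[:path] in place for rendering; returns the params Hash, or nil when there is no :path key`, or end the method with a bare `params` so the documented return holds. The name promises general sanitisation while the body only percent-encodes; something like `escape_path_param` would set expectations more accurately.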
diff --git a/spec/integration/errors_spec.rb b/spec/integration/errors_spec.rb
index 17a0153c2..3ff3edb53 100644
--- a/spec/integration/errors_spec.rb
+++ b/spec/integration/errors_spec.rb
@@ -54,6 +54,13 @@ describe "When errors occur" do
end
end
+ it 'should url encode params' do
+ get ('/%d3')
+ response.should render_template('general/exception_caught')
+ response.code.should == '404'
+ response.body.should match("Sorry, we couldn't find that page")
+ end
+
it "should render a 500 for general errors using the general/exception_caught template" do
InfoRequest.stub!(:find_by_url_title!).and_raise("An example error")
get("/request/example")
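Review bot: The example is titled 'should url encode params' but asserts only the template, the 404 status and the body text; nothing in it checks that the path was encoded. Either name it for what it verifies, e.g. `it 'should render a 404 for a path containing an invalid byte sequence' do`, or add an assertion on the encoded value if the template displays it. `get ('/%d3')` also has a space before the parenthesis, unlike `get("/request/example")` in the next example; `get('/%d3')` matches the file's style and avoids Ruby's warning about a space before parenthesised arguments.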