diff options
| -rw-r--r-- | app/controllers/request_controller.rb | 3 | ||||
| -rw-r--r-- | spec/controllers/request_controller_spec.rb | 9 |
2 files changed, 11 insertions, 1 deletions
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb index 0f980b43f..f8d4de22b 100644 --- a/app/controllers/request_controller.rb +++ b/app/controllers/request_controller.rb @@ -696,7 +696,8 @@ class RequestController < ApplicationController @incoming_message.parse_raw_email! @info_request = @incoming_message.info_request if @incoming_message.info_request_id != params[:id].to_i - raise ActiveRecord::RecordNotFound.new("Incoming message %d does not belong to request %d", @incoming_message.info_request_id, params[:id]) + message = "Incoming message %d does not belong to request %d" % [@incoming_message.info_request_id, params[:id]] + raise ActiveRecord::RecordNotFound.new(message) end @part_number = params[:part].to_i @filename = params[:file_name].join("/") diff --git a/spec/controllers/request_controller_spec.rb b/spec/controllers/request_controller_spec.rb index 6a09516fd..cdbb7caf6 100644 --- a/spec/controllers/request_controller_spec.rb +++ b/spec/controllers/request_controller_spec.rb @@ -190,6 +190,15 @@ describe RequestController, "when showing one request" do get :get_attachment_as_html, :incoming_message_id => ir.incoming_messages[1].id, :id => ugly_id, :part => 2, :file_name => ['hello.txt.html'], :skip_cache => 1 }.should raise_error(ActiveRecord::RecordNotFound) end + it "should return 404 when incoming message and request ids don't match " do + ir = info_requests(:fancy_dog_request) + wrong_id = info_requests(:naughty_chicken_request).id + receive_incoming_mail('incoming-request-two-same-name.email', ir.incoming_email) + ir.reload + lambda { + get :get_attachment_as_html, :incoming_message_id => ir.incoming_messages[1].id, :id => wrong_id, :part => 2, :file_name => ['hello.txt.html'], :skip_cache => 1 + }.should raise_error(ActiveRecord::RecordNotFound) + end it "should generate valid HTML verson of PDF attachments " do ir = info_requests(:fancy_dog_request) |