From 43bd77a1ad43d7cb24117bf3973f841221fd2c6e Mon Sep 17 00:00:00 2001
From: Seb Bacon <seb.bacon@gmail.com>
Date: Thu, 12 Jan 2012 07:47:16 +0000
Subject: Return 403 when attachment "folders" are spidered.  Fixes #340

---
 spec/integration/errors_spec.rb | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'spec/integration/errors_spec.rb')

diff --git a/spec/integration/errors_spec.rb b/spec/integration/errors_spec.rb
index bfb7e5fb5..f8f9162c1 100644
--- a/spec/integration/errors_spec.rb
+++ b/spec/integration/errors_spec.rb
@@ -45,5 +45,9 @@ describe "When rendering errors" do
         get("/request/#{ir.url_title}")
         response.code.should == "500"
     end
+    it "should render a 403 for attempts at directory listing for attachments" do
+        get("/request/5/response/4/attach/html/3/" )
+        response.code.should == "403"
+    end
 end
 
-- 
cgit v1.2.3


From f158e9c96d2af74c940a8d775799fcb9755d0b12 Mon Sep 17 00:00:00 2001
From: Seb Bacon <seb.bacon@gmail.com>
Date: Thu, 12 Jan 2012 08:05:57 +0000
Subject: Return 404 for non-existent 'details' pages.  Fixes #325

---
 spec/integration/errors_spec.rb | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'spec/integration/errors_spec.rb')

diff --git a/spec/integration/errors_spec.rb b/spec/integration/errors_spec.rb
index f8f9162c1..8084bb35a 100644
--- a/spec/integration/errors_spec.rb
+++ b/spec/integration/errors_spec.rb
@@ -49,5 +49,9 @@ describe "When rendering errors" do
         get("/request/5/response/4/attach/html/3/" )
         response.code.should == "403"
     end
+    it "should render a 404 for non-existent 'details' pages for requests" do
+        get("/details/request/wobble" )
+        response.code.should == "404"
+    end
 end
 
-- 
cgit v1.2.3