From 45f25290e2e4a1f33ec5d3df6ecfb40300318ece Mon Sep 17 00:00:00 2001
From: Louise Crow
Date: Fri, 31 Oct 2014 15:16:05 +0000
Subject: Use rack-utf8_sanitizer gem
This sanitises non utf-8 params before they're processed by Rails.
---
 spec/integration/errors_spec.rb | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)
(limited to 'spec/integration/errors_spec.rb')
diff --git a/spec/integration/errors_spec.rb b/spec/integration/errors_spec.rb
index 4fa12fb21..b36e08b2b 100644
--- a/spec/integration/errors_spec.rb
+++ b/spec/integration/errors_spec.rb
@@ -62,14 +62,12 @@ describe "When errors occur" do
 response.body.should match(%Q(invalid value for Integer))
 end
- # it 'should handle non utf-8 parameters' do
- # pending 'until we sanitize non utf-8 parameters for Ruby >= 1.9' do
- # get ('/%d3')
- # response.should render_template('general/exception_caught')
- # response.code.should == '404'
- # response.body.should match("Sorry, we couldn't find that page")
- # end
- # end
+ it 'should handle non utf-8 parameters' do
+ get ('/%d3')
+ response.should render_template('general/exception_caught')
+ response.code.should == '404'
+ response.body.should match("Sorry, we couldn't find that page")
+ end
 it "should render a 500 for general errors using the general/exception_caught template" do
-- 
cgit v1.2.3
From 9f5f602fbb38a32619dad93464c1ab263b1a66d7 Mon Sep 17 00:00:00 2001
From: Louise Crow
Date: Tue, 18 Nov 2014 16:21:47 +0000
Subject: Don't display specific error messages in production.
---
 spec/integration/errors_spec.rb | 3 ---
 1 file changed, 3 deletions(-)
(limited to 'spec/integration/errors_spec.rb')
diff --git a/spec/integration/errors_spec.rb b/spec/integration/errors_spec.rb
index 4fa12fb21..532576bb9 100644
--- a/spec/integration/errors_spec.rb
+++ b/spec/integration/errors_spec.rb
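Review bot: The re-enabled example 'should handle non utf-8 parameters' (first commit, `@@ -62,14 +62,12 @@`) only puts the invalid byte in the request path, `get ('/%d3')`, although the commit message describes sanitising params. Query-string and form values reach the application by a different route, so a sibling example that sends the same byte in a parameter value and asserts the response is not a 500 would pin the behaviour the commit claims. As a style point, drop the space before the parenthesis: `get('/%d3')`. The enclosing `describe` block starts and ends outside the hunk.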
@@ -59,7 +59,6 @@ describe "When errors occur" do
 response.should render_template('general/exception_caught')
 response.code.should == '404'
 response.body.should match("Sorry, we couldn't find that page")
- response.body.should match(%Q(invalid value for Integer))
 end
 # it 'should handle non utf-8 parameters' do
@@ -76,7 +75,6 @@ describe "When errors occur" do
 InfoRequest.stub!(:find_by_url_title!).and_raise("An example error")
 get("/request/example")
 response.should render_template('general/exception_caught')
- response.body.should match('An example error')
 response.code.should == "500"
 end
@@ -111,7 +109,6 @@ describe "When errors occur" do
 get("/es/request/example")
 response.should render_template('general/exception_caught')
 response.body.should match('Lo sentimos, hubo un problema procesando esta página')
- response.body.should match('An example error')
 end
 it "should render a 403 with text body for attempts at directory listing for attachments" do
-- 
cgit v1.2.3
From 12aca5dd819653e596f7c13e587e6e7967d6ded3 Mon Sep 17 00:00:00 2001
From: Louise Crow
Date: Fri, 12 Dec 2014 14:06:51 +0000
Subject: Use RESTful routing for index and show actions
---
 spec/integration/errors_spec.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'spec/integration/errors_spec.rb')
diff --git a/spec/integration/errors_spec.rb b/spec/integration/errors_spec.rb
index 110626058..a28b34da6 100644
--- a/spec/integration/errors_spec.rb
+++ b/spec/integration/errors_spec.rb
@@ -131,7 +131,7 @@ describe "When errors occur" do
 it 'should show a full trace for general errors' do
 InfoRequest.stub!(:find).and_raise("An example error")
- get("/admin/request/show/333")
+ get("/admin/requests/333")
 response.body.should have_selector('div[id=traces]')
 response.body.should match('An example error')
 end
-- 
cgit v1.2.3
From e822e7091e7e0153a68094898847b0793e58dedd Mon Sep 17 00:00:00 2001
From: Louise Crow
Date: Mon, 22 Dec 2014 11:38:49 +0000
Subject: Revert "Use rack-utf8_sanitizer gem"
This reverts commit 45f25290e2e4a1f33ec5d3df6ecfb40300318ece. Use of the :ruby_20 platform requires bundler 1.3, which is not available on all our supported OSes as a package. See https://github.com/mysociety/alaveteli/issues/1276 for details.
---
 spec/integration/errors_spec.rb | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
(limited to 'spec/integration/errors_spec.rb')
diff --git a/spec/integration/errors_spec.rb b/spec/integration/errors_spec.rb
index a28b34da6..39f1279ce 100644
--- a/spec/integration/errors_spec.rb
+++ b/spec/integration/errors_spec.rb
@@ -61,12 +61,14 @@ describe "When errors occur" do
 response.body.should match("Sorry, we couldn't find that page")
 end
- it 'should handle non utf-8 parameters' do
- get ('/%d3')
- response.should render_template('general/exception_caught')
- response.code.should == '404'
- response.body.should match("Sorry, we couldn't find that page")
- end
+ # it 'should handle non utf-8 parameters' do
+ # pending 'until we sanitize non utf-8 parameters for Ruby >= 1.9' do
+ # get ('/%d3')
+ # response.should render_template('general/exception_caught')
+ # response.code.should == '404'
+ # response.body.should match("Sorry, we couldn't find that page")
+ # end
+ # end
 it "should render a 500 for general errors using the general/exception_caught template" do
-- 
cgit v1.2.3
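Review bot: Commenting the 'should handle non utf-8 parameters' example out again leaves a request path containing an invalid UTF-8 byte (`/%d3`) with no coverage, and the gap will not appear anywhere in the spec report. A block-less `it 'should handle non utf-8 parameters'` is reported by RSpec as pending, which keeps the missing check visible while the sanitiser is unavailable; the commented body can stay beneath it for reference. It would also help to repeat the issue link from the commit message in a comment above the example, e.g. `# disabled pending https://github.com/mysociety/alaveteli/issues/1276`, so the reason sits next to the code. The enclosing `describe` block starts and ends outside the hunk.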