FIX: Render a 404 error on a bad redirect in list controller

When bad data is provided in the URI for redirecting to a category, Rails raises an `ActionController::Redirecting::UnsafeRedirectError` error, leading to a 500 error. This patch catches the exception to render a 404 instead.
2025-03-20 13:06:39 +08:00 · 2024-06-27 15:51:45 +02:00 · 2024-06-27 15:51:45 +02:00 · 232503b3df
commit 232503b3df
parent a442eeb0f4
2 changed files with 18 additions and 0 deletions
--- a/app/controllers/list_controller.rb
+++ b/app/controllers/list_controller.rb
@ -49,6 +49,10 @@ class ListController < ApplicationController
                  :filter,
                ].flatten

+  rescue_from ActionController::Redirecting::UnsafeRedirectError do
+    raise Discourse::NotFound
+  end
+
  # Create our filters
  Discourse.filters.each do |filter|
    define_method(filter) do |options = nil|
--- a/spec/requests/list_controller_spec.rb
+++ b/spec/requests/list_controller_spec.rb
@ -1124,6 +1124,20 @@ RSpec.describe ListController do
        )
      end
    end
+
+    context "when redirect raises an unsafe redirect error" do
+      before do
+        ListController
+          .any_instance
+          .stubs(:redirect_to)
+          .raises(ActionController::Redirecting::UnsafeRedirectError)
+      end
+
+      it "renders a 404" do
+        get "/c/hello/world/bye/#{subsubcategory.id}"
+        expect(response).to have_http_status :not_found
+      end
+    end
  end

  describe "shared drafts" do