mirror of
https://github.com/discourse/discourse.git
synced 2025-01-18 16:52:45 +08:00
FIX: Correct slug validation
We were allowing new categories to use slugs like "2342-category".
This commit is contained in:
parent
580a4a827b
commit
32107a9a72
|
@ -294,10 +294,11 @@ class Category < ActiveRecord::Base
|
|||
self.slug = Slug.for(name, '')
|
||||
self.slug = '' if duplicate_slug?
|
||||
end
|
||||
# only allow to use category itself id. new_record doesn't have a id.
|
||||
unless new_record?
|
||||
match_id = /^(\d+)-category/.match(self.slug)
|
||||
errors.add(:slug, :invalid) if match_id && match_id[1] && match_id[1] != self.id.to_s
|
||||
|
||||
# only allow to use category itself id.
|
||||
match_id = /^(\d+)-/.match(self.slug)
|
||||
if match_id.present?
|
||||
errors.add(:slug, :invalid) if new_record? || (match_id[1] != self.id.to_s)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -400,7 +400,17 @@ RSpec.describe ListController do
|
|||
|
||||
context 'another category exists with a number at the beginning of its name' do
|
||||
# One category has another category's id at the beginning of its name
|
||||
let!(:other_category) { Fabricate(:category_with_definition, name: "#{category.id} name") }
|
||||
let!(:other_category) {
|
||||
# Our validations don't allow this to happen now, but did historically
|
||||
Fabricate(:category_with_definition, name: "#{category.id} name", slug: '-').tap { |c|
|
||||
DB.exec <<~SQL
|
||||
UPDATE categories
|
||||
SET slug = '#{category.id}-name'
|
||||
WHERE id = #{c.id}
|
||||
SQL
|
||||
c.reload
|
||||
}
|
||||
}
|
||||
|
||||
it 'uses the correct category' do
|
||||
get "/c/#{other_category.slug}/l/latest.json"
|
||||
|
|
Loading…
Reference in New Issue
Block a user