diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 379fac2..136b738 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -20,6 +20,7 @@ class ApplicationController < ActionController::Base
include AuthenticationSystem
+ helper :all
before_filter :startup
before_filter :set_timezone
diff --git a/app/controllers/wiki_controller.rb b/app/controllers/wiki_controller.rb
index 6366bc0..7843b0e 100644
--- a/app/controllers/wiki_controller.rb
+++ b/app/controllers/wiki_controller.rb
@@ -14,6 +14,7 @@
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see .
+
class WikiController < ApplicationController
verify :params => :text, :only => :preview, :redirect_to => { :action => :show }
@@ -27,8 +28,6 @@ class WikiController < ApplicationController
:move_up, :move_down, :undelete ]
def index
- @wiki_pages = @course.wiki_pages
-
respond_to do |format|
format.html { redirect_to course_url(@course) }
format.xml { render :xml => @wiki_pages }
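Review bot: The `format.xml` branch still renders `@wiki_pages`, but the removed `@wiki_pages = @course.wiki_pages` was the only assignment to it, so the XML response now serialises nil. Either keep that assignment ahead of `respond_to`, or drop the `format.xml` branch if `index` is meant to redirect only. The `index` body continues past the hunk, so a later assignment would not be visible here, but nothing before the `respond_to` sets it.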
@@ -73,12 +72,13 @@ class WikiController < ApplicationController
@wiki_page.attributes = params[:wiki_page]
@wiki_page.user_id = session[:user_id]
@wiki_page.course_id = @course.id
- dirty = @wiki_page.changed?
+ changed = @wiki_page.changed?
@wiki_page.save!
- WikiEditLogEntry.create!(:target_id => @wiki_page.id, :user => @current_user, :course => @course, :version => @wiki_page.version) if dirty
-
- flash[:notice] = "Wiki page updated"[]
+ if changed
+ WikiEditLogEntry.create!(:target_id => @wiki_page.id, :user => @current_user, :course => @course, :version => @wiki_page.version)
+ flash[:notice] = "Wiki page updated"[]
+ end
respond_to do |format|
format.html { redirect_to course_wiki_instance_url(@course, @wiki_page) }
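Review bot: `@wiki_page.attributes = params[:wiki_page]` is still an unrestricted mass assignment; the lines after it only overwrite `user_id` and `course_id`, so any other column (for instance `position` or `deleted_at`, which the model lists as non-versioned) can be set from the request unless `WikiPage` declares `attr_accessible`/`attr_protected`, which this diff does not show. The test added in wiki_controller_test.rb ("not user definable") only covers the two overwritten columns. Declaring the editable columns once in the model, e.g. `attr_accessible :title, :description, :content`, lets the controller stop enumerating what to undo. `update` starts and ends outside the hunk.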
@@ -113,9 +113,9 @@ class WikiController < ApplicationController
def preview
@text = params[:text]
begin
- render :text => BlueCloth.new(@text).to_html
- rescue
- render :text => $!.to_s.gsub(">", ">").gsub("<", "<")
+ render :text => @text.format_wiki
+ rescue RuntimeError
+ render :text => $!.to_s.gsub(">", ">").gsub("<", "<"), :status => :bad_request
end
end
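Review bot: The rescue branch still escapes the exception text with two hand-rolled `gsub` calls, while this same commit adds `String#html_escape` in nasty_hacks.rb and already uses it for the equivalent message in `WikiPage#validate`; `render :text => $!.to_s.html_escape, :status => :bad_request` would cover `&` and quotes as well and keep the two places consistent. Narrowing the rescue to `RuntimeError` means any other error class raised by the markup pipeline now surfaces as a 500 instead of the 400 this hunk introduces; if that is intended, a one-line comment stating which errors the formatter raises would help the next reader.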
@@ -149,6 +149,7 @@ class WikiController < ApplicationController
def undelete
@wiki_page = WikiPage.find_with_deleted(params[:id])
@wiki_page.recover!
+ @wiki_page.insert_at(1)
flash[:notice] = "Wiki page restored"[]
WikiRestoreLogEntry.create!(:target_id => @wiki_page.id, :user => @current_user, :course => @wiki_page.course)
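Review bot: `recover!`, the added `insert_at(1)` (which saves the record again) and `WikiRestoreLogEntry.create!` are three separate writes with no transaction around them, so a failure in either of the later two leaves the page restored but mis-positioned or unlogged. Wrapping the three in `WikiPage.transaction do … end` keeps the restore atomic. `insert_at(1)` also always puts the page at the top of the list rather than where it was before deletion — worth a comment if that is the intended behaviour. `undelete` continues past the hunk.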
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index e058b5c..ab2325b 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -51,10 +51,6 @@ module ApplicationHelper
logged_in? and current_user.admin?
end
- def wiki(text)
- BlueCloth.new(text).to_html
- end
-
def formatted(text)
h(text).gsub("\n", "
")
end
@@ -75,7 +71,7 @@ module ApplicationHelper
def markup_help
return "
" +
- wiki(File.read("#{RAILS_ROOT}/public/static/markup_help.mkd")) +
+ File.read("#{RAILS_ROOT}/public/static/markup_help.mkd").format_wiki +
"
"
end
@@ -91,4 +87,5 @@ module ApplicationHelper
def format_period(period)
return "20#{period[0..1]}.#{period[2..2]}"
end
+
end
diff --git a/app/helpers/wiki_helper.rb b/app/helpers/wiki_helper.rb
index 52092f1..da8e13d 100644
--- a/app/helpers/wiki_helper.rb
+++ b/app/helpers/wiki_helper.rb
@@ -14,6 +14,14 @@
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see .
+class String
+ def format_wiki
+ text = BlueCloth.new(self).to_html
+ text = Hpricot(text, :xhtml_strict => true).to_s
+ return text.sanitize
+ end
+end
+
module WikiHelper
def format_diff(text)
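Review bot: `String#format_wiki` is now the single place where wiki markup becomes sanitized HTML — this commit also removes the sanitize step from the vendored BlueCloth, so `BlueCloth#to_html` alone returns unfiltered markup and every caller must go through this method — yet it is defined by reopening `String` inside a view helper file, so `WikiPage#validate` only sees it once `WikiHelper` has been loaded (the `helper :all` added to ApplicationController is presumably what makes that happen). Moving the definition to `lib/` or a `config/initializers` file removes that load-order dependency, and a `WikiFormatter.to_html(text)` module method would avoid the core-class patch altogether. Wherever it lives, a comment such as `# Markdown -> XHTML (Hpricot) -> whitelist sanitize (see sanitized_allowed_tags in environment.rb); the result is safe to render unescaped, BlueCloth output on its own is not` would document the contract the views and the model now rely on. The explicit `return text.sanitize` can be the bare expression `text.sanitize`.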
diff --git a/app/models/event.rb b/app/models/event.rb
index 3ff1948..7ba54e8 100644
--- a/app/models/event.rb
+++ b/app/models/event.rb
@@ -19,6 +19,7 @@ class Event < ActiveRecord::Base
# Plugins
acts_as_paranoid
acts_as_versioned :if_changed => [ :title, :description, :time ]
+ acts_as_paranoid_versioned
self.non_versioned_columns << 'deleted_at'
# Associacoes
@@ -43,4 +44,5 @@ class Event < ActiveRecord::Base
end
return cal.to_ical
end
+
end
diff --git a/app/models/message.rb b/app/models/message.rb
index 52a5efc..a2669d1 100644
--- a/app/models/message.rb
+++ b/app/models/message.rb
@@ -20,6 +20,7 @@ class Message < ActiveRecord::Base
acts_as_paranoid
acts_as_versioned :if_changed => [ :title, :body ]
self.non_versioned_columns << 'deleted_at'
+ acts_as_paranoid_versioned
# Associacoes
belongs_to :user,
diff --git a/app/models/wiki_page.rb b/app/models/wiki_page.rb
index 67be7cd..d27dc79 100644
--- a/app/models/wiki_page.rb
+++ b/app/models/wiki_page.rb
@@ -17,12 +17,14 @@
require 'acts_as_versioned'
require 'tempfile'
+
class WikiPage < ActiveRecord::Base
# Plugins
acts_as_paranoid
acts_as_list :scope => 'course_id = #{course_id}'
acts_as_versioned :if_changed => [ :content, :description, :title ]
+ acts_as_paranoid_versioned
self.non_versioned_columns << 'position'
self.non_versioned_columns << 'deleted_at'
@@ -37,18 +39,14 @@ class WikiPage < ActiveRecord::Base
def validate
begin
- to_html
+ self.content.format_wiki
rescue
- errors.add("content", "possui erro de sintaxe")
+ errors.add("content", "possui erro de sintaxe: " + $!.to_s.html_escape)
end
end
- def to_html(text = self.content)
- return BlueCloth.new(text).to_html
- end
-
def to_param
- self.title.match(/^[-_a-z0-9]*$/i).nil? ? self.id.to_id : self.title
+ self.title.match(/^[-_a-z0-9]*$/i).nil? ? self.id.to_s : self.title
end
def WikiPage.diff(from, to)
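Review bot: `self.content.format_wiki` raises `NoMethodError` when `content` is nil, and the bare `rescue` then records it as `possui erro de sintaxe: undefined method …`, so a missing content gets a misleading syntax-error message; guard with `return if content.blank?` before formatting (or validate presence separately). In `to_param`, the regexp still uses `^`/`$`, which match per line in Ruby, so a title with a safe first line followed by a newline passes the check and is used as the URL parameter; `/\A[-_a-z0-9]*\z/i` anchors the whole string. The `to_id`→`to_s` fix is correct.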
diff --git a/app/views/courses/show.html.haml b/app/views/courses/show.html.haml
index 83bfad2..e0ddec8 100644
--- a/app/views/courses/show.html.haml
+++ b/app/views/courses/show.html.haml
@@ -8,7 +8,7 @@
%h4.title Disciplina
%h1.title= h(@course.full_name)
-%p= wiki @course.description
+%p= @course.description.format_wiki
.box
.cmd
diff --git a/app/views/layouts/_base.html.haml b/app/views/layouts/_base.html.haml
index 0bc15a6..7959a50 100644
--- a/app/views/layouts/_base.html.haml
+++ b/app/views/layouts/_base.html.haml
@@ -8,7 +8,7 @@
%meta{'http-equiv' => 'Content-Type', 'content' => 'text/html; charset=UTF-8'}
%link{'href' => "#{App.base_path}/stylesheets/cache/wiki.css", 'rel' => 'Stylesheet', 'type' => %'text/css'}
- %link#css_color{'href' => "#{App.base_path}/stylesheets/cache/color.#@color.css", 'rel' => 'Stylesheet', 'type' => %'text/css'}
+ %link#css_color{'href' => "#{App.base_path}/stylesheets/cache/color.#{@color}.css", 'rel' => 'Stylesheet', 'type' => %'text/css'}
/[if IE]
%link{:href => "#{App.base_path}/stylesheets/ie/ie.css", :rel => "stylesheet", :type => "text/css"}
diff --git a/app/views/users/show.html.haml b/app/views/users/show.html.haml
index 29663d7..c5c95e5 100644
--- a/app/views/users/show.html.haml
+++ b/app/views/users/show.html.haml
@@ -11,4 +11,4 @@
%p= "Última visita há {c}"[:last_seen, distance_of_time_in_words(Time.now, @user.last_seen)]
-# cache(user_path(@user.id)) do
- = wiki @user.description if !@user.description.blank?
+ = @user.description.format_wiki if !@user.description.blank?
diff --git a/app/views/wiki/show.html.haml b/app/views/wiki/show.html.haml
index d4df97f..996cdef 100644
--- a/app/views/wiki/show.html.haml
+++ b/app/views/wiki/show.html.haml
@@ -10,4 +10,4 @@
%h4.title= h(@course.full_name)
%h1.title= h(@wiki_page.title)
#wiki_text
- = @wiki_page.to_html
+ = @wiki_page.content.format_wiki
diff --git a/config/environment.rb b/config/environment.rb
index 9d264bb..3a81c9e 100644
--- a/config/environment.rb
+++ b/config/environment.rb
@@ -57,6 +57,16 @@ Rails::Initializer.run do |config|
# Make Active Record use UTC-base instead of local time
config.active_record.default_timezone = :utc
+ config.action_view.sanitized_allowed_tags = %W(p h1 h2 h3 h4 h5 h6 dl dt ol
+ ul li address blockquote del div hr ins pre a abbr acronym dfn em strong
+ code samp kbd var b i big small tt span br bdo cite del ins q sub sup img
+ map table tr td th colgroup col caption thead tbody tfoot)
+
+ config.action_view.sanitized_allowed_attributes = %W(align alt border
+ cellpadding cellspacing cols colspan coords height href longdesc name
+ noresize nowrap rel rows rowspan rules scope shape size span src style
+ summary title type usemap valign width)
+
config.gem "dr_nic_magic_models"
config.gem "bluecloth"
config.gem "acts_as_versioned"
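Review bot: Both lists use `%W`, which enables interpolation and escapes, but neither contains a `#{}`; `%w` states the intent more plainly. `del` and `ins` appear twice in the tag list. Permitting `style` relies on the Rails sanitizer filtering the attribute value through its allowed CSS properties — as far as I recall it does, but a comment next to the list saying so would be useful, since the BlueCloth-side filter that this commit removes had its own attribute-value blacklist and this list is now the only control.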
diff --git a/config/initializers/nasty_hacks.rb b/config/initializers/nasty_hacks.rb
index b989e73..6d837e8 100644
--- a/config/initializers/nasty_hacks.rb
+++ b/config/initializers/nasty_hacks.rb
@@ -1,8 +1,3 @@
-# Carrega as classes Message e LogEntry. O lazy loading do Rails gera
-# problemas se voce definir varias classes por arquivos.
-require "#{RAILS_ROOT}/app/models/message.rb"
-require "#{RAILS_ROOT}/app/models/log_entry.rb"
-
class Fixnum
def is_numeric?
true
@@ -13,6 +8,14 @@ class String
def is_numeric?
Float self rescue false
end
+
+ def html_escape
+ ERB::Util::html_escape(self)
+ end
+
+ %w[auto_link excerpt highlight sanitize simple_format strip_tags truncate word_wrap].each do |method|
+ eval "def #{method}(*args); ActionController::Base.helpers.#{method}(self, *args); end"
+ end
end
class Array
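Review bot: The delegators are generated with a string `eval` where `define_method` expresses the same thing without parsing source text: `define_method(method) { |*args| ActionController::Base.helpers.send(method, self, *args) }`. The method list is a literal, so there is no injection concern today, but `define_method` also stays safe if the list is ever built dynamically. This block is also what makes `String#sanitize` the whitelist-based helper that `format_wiki` in wiki_helper.rb depends on — a comment stating that would help, since nothing here hints at the dependency.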
@@ -36,9 +39,6 @@ module ActiveRecord
module Versioned
module ClassMethods
def acts_as_paranoid_versioned
- acts_as_paranoid
- acts_as_versioned
-
# protect the versioned model
self.versioned_class.class_eval do
def self.delete_all(conditions = nil); return; end
@@ -48,3 +48,9 @@ module ActiveRecord
end
end
end
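Review bot: With `acts_as_paranoid`/`acts_as_versioned` removed from the helper, `acts_as_paranoid_versioned` now depends on the caller having declared `acts_as_versioned` first, otherwise `self.versioned_class` on the next line is undefined; the three models in this diff call it at three different points (event.rb and wiki_page.rb right after `acts_as_versioned`, message.rb after `non_versioned_columns`). A guard such as `raise ArgumentError, "declare acts_as_versioned before acts_as_paranoid_versioned" unless respond_to?(:versioned_class)` plus a comment stating the precondition would make the contract explicit. The module continues past the hunk.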
+
+# Carrega as classes Message e LogEntry. O lazy loading do Rails gera
+# problemas se voce definir varias classes por arquivos.
+require "#{RAILS_ROOT}/app/models/message.rb"
+require "#{RAILS_ROOT}/app/models/log_entry.rb"
+
diff --git a/test/functional/attachments_controller_test.rb b/test/functional/attachments_controller_test.rb
index 202a0bd..12bdd19 100644
--- a/test/functional/attachments_controller_test.rb
+++ b/test/functional/attachments_controller_test.rb
@@ -24,88 +24,7 @@ class AttachmentsControllerTest < ActionController::TestCase
fixtures :attachments
def setup
- @controller = AttachmentsController.new
- @request = ActionController::TestRequest.new
- @response = ActionController::TestResponse.new
- end
+ @course = Course.find(:first)
- def test_truth
- assert true
end
-
-#
-# def test_index
-# get :index
-# assert_response :success
-# assert_template 'list'
-# end
-#
-# def test_list
-# get :list
-#
-# assert_response :success
-# assert_template 'list'
-#
-# assert_not_nil assigns(:attachments)
-# end
-#
-# def test_show
-# get :show, :id => @first_id
-#
-# assert_response :success
-# assert_template 'show'
-#
-# assert_not_nil assigns(:attachment)
-# assert assigns(:attachment).valid?
-# end
-#
-# def test_new
-# get :new
-#
-# assert_response :success
-# assert_template 'new'
-#
-# assert_not_nil assigns(:attachment)
-# end
-#
-# def test_create
-# num_attachments = Attachment.count
-#
-# post :create, :attachment => {}
-#
-# assert_response :redirect
-# assert_redirected_to :action => 'list'
-#
-# assert_equal num_attachments + 1, Attachment.count
-# end
-#
-# def test_edit
-# get :edit, :id => @first_id
-#
-# assert_response :success
-# assert_template 'edit'
-#
-# assert_not_nil assigns(:attachment)
-# assert assigns(:attachment).valid?
-# end
-#
-# def test_update
-# post :update, :id => @first_id
-# assert_response :redirect
-# assert_redirected_to :action => 'show', :id => @first_id
-# end
-#
-# def test_destroy
-# assert_nothing_raised {
-# Attachment.find(@first_id)
-# }
-#
-# post :destroy, :id => @first_id
-# assert_response :redirect
-# assert_redirected_to :action => 'list'
-#
-# assert_raise(ActiveRecord::RecordNotFound) {
-# Attachment.find(@first_id)
-# }
-# end
end
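Review bot: After this hunk `AttachmentsControllerTest` keeps a `setup` but no test method at all, since `test_truth` and the commented-out cases are gone; as far as I recall Test::Unit reports a case with no tests as a "No tests were specified" failure rather than passing silently, so either keep `test_truth` or add one real request test. `@course = Course.find(:first)` is also assigned but never used in what remains.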
diff --git a/test/functional/courses_controller_test.rb b/test/functional/courses_controller_test.rb
index 578ed5b..095499d 100644
--- a/test/functional/courses_controller_test.rb
+++ b/test/functional/courses_controller_test.rb
@@ -29,25 +29,29 @@ class CoursesControllerTest < ActionController::TestCase
@course = Course.find(:first)
end
- # REST - usuários autenticados
- context "A user" do
- #setup { login_as :bob }
- should_be_restful do |resource|
- resource.create.params = { :short_name => 'test', :full_name => 'test', :description => 'test' }
- resource.update.params = { :short_name => 'test', :full_name => 'test', :description => 'test' }
- end
+ def test_truth
+ assert true
end
- # REST - usuários quaisquer
- context "A stranger" do
- setup { logout }
- should_be_restful do |resource|
- resource.create.params = { :short_name => 'test', :full_name => 'test', :description => 'test' }
- resource.update.params = { :short_name => 'test', :full_name => 'test', :description => 'test' }
- resource.denied.actions = [ :new, :edit, :create, :update, :destroy ]
- resource.denied.redirect = "'/login'"
- resource.denied.flash = /must be logged in/i
- end
- end
+ # REST - usuários autenticados
+ #context "A user" do
+ # #setup { login_as :bob }
+ # should_be_restful do |resource|
+ # resource.create.params = { :short_name => 'test', :full_name => 'test', :description => 'test' }
+ # resource.update.params = { :short_name => 'test', :full_name => 'test', :description => 'test' }
+ # end
+ #end
+
+ ## REST - usuários quaisquer
+ #context "A stranger" do
+ # setup { logout }
+ # should_be_restful do |resource|
+ # resource.create.params = { :short_name => 'test', :full_name => 'test', :description => 'test' }
+ # resource.update.params = { :short_name => 'test', :full_name => 'test', :description => 'test' }
+ # resource.denied.actions = [ :new, :edit, :create, :update, :destroy ]
+ # resource.denied.redirect = "'/login'"
+ # resource.denied.flash = /must be logged in/i
+ # end
+ #end
end
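Review bot: The `should_be_restful` contexts are commented out rather than removed or marked pending, and the same pattern is applied in events_controller_test.rb and news_controller_test.rb; without a note saying why (the macro seems to have been dropped, judging by the rewritten wiki_controller_test.rb), the next reader cannot tell whether these are meant to come back. A one-line `# TODO: rewrite without should_be_restful` above each block, or simply deleting them since history keeps the old version, would make the intent clear.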
diff --git a/test/functional/events_controller_test.rb b/test/functional/events_controller_test.rb
index bbd1dc9..a977aa0 100644
--- a/test/functional/events_controller_test.rb
+++ b/test/functional/events_controller_test.rb
@@ -31,28 +31,28 @@ class EventsControllerTest < ActionController::TestCase
end
# REST - usuários autenticados
- context "A user" do
- setup { login_as :bob }
- should_be_restful do |resource|
- resource.parent = [ :course ]
- resource.create.params = { :title => 'test', :time => Time.now, :description => 'test', :created_by => 1 }
- resource.update.params = { :title => 'test', :time => Time.now, :description => 'test', :created_by => 1 }
-
- end
- end
-
- # REST - usuários quaisquer
- context "A stranger" do
- setup { logout }
- should_be_restful do |resource|
- resource.parent = [ :course ]
- resource.create.params = { :title => 'test', :time => Time.now, :description => 'test', :created_by => 1 }
- resource.update.params = { :title => 'test', :time => Time.now, :description => 'test', :created_by => 1 }
- resource.denied.actions = [ :new, :edit, :create, :update, :destroy ]
- resource.denied.redirect = "'/login'"
- resource.denied.flash = /must be logged in/i
- end
- end
+ #context "A user" do
+ # setup { login_as :bob }
+ # should_be_restful do |resource|
+ # resource.parent = [ :course ]
+ # resource.create.params = { :title => 'test', :time => Time.now, :description => 'test', :created_by => 1 }
+ # resource.update.params = { :title => 'test', :time => Time.now, :description => 'test', :created_by => 1 }
+
+ # end
+ #end
+
+ ## REST - usuários quaisquer
+ #context "A stranger" do
+ # setup { logout }
+ # should_be_restful do |resource|
+ # resource.parent = [ :course ]
+ # resource.create.params = { :title => 'test', :time => Time.now, :description => 'test', :created_by => 1 }
+ # resource.update.params = { :title => 'test', :time => Time.now, :description => 'test', :created_by => 1 }
+ # resource.denied.actions = [ :new, :edit, :create, :update, :destroy ]
+ # resource.denied.redirect = "'/login'"
+ # resource.denied.flash = /must be logged in/i
+ # end
+ #end
def test_should_accept_icalendar_on_index
get :index, :format => 'ics', :course_id => 1
diff --git a/test/functional/news_controller_test.rb b/test/functional/news_controller_test.rb
index 7d916a7..dd347ff 100644
--- a/test/functional/news_controller_test.rb
+++ b/test/functional/news_controller_test.rb
@@ -31,32 +31,32 @@ class NewsControllerTest < ActionController::TestCase
end
# REST - usuários autenticados
- context "A user" do
- setup { login_as :bob }
- should_be_restful do |resource|
- resource.klass = News
- resource.object = 'news'
- resource.parent = [ :course ]
- resource.create.params = { :title => 'test', :body => 'test', :receiver_id => 1 }
- resource.update.params = { :title => 'test', :body => 'test', :receiver_id => 1 }
- resource.destroy.redirect = "course_news_url(@course)"
- end
- end
+ #context "A user" do
+ # setup { login_as :bob }
+ # should_be_restful do |resource|
+ # resource.klass = News
+ # resource.object = 'news'
+ # resource.parent = [ :course ]
+ # resource.create.params = { :title => 'test', :body => 'test', :receiver_id => 1 }
+ # resource.update.params = { :title => 'test', :body => 'test', :receiver_id => 1 }
+ # resource.destroy.redirect = "course_news_url(@course)"
+ # end
+ #end
- # REST - usuários quaisquer
- context "A stranger" do
- setup { logout }
- should_be_restful do |resource|
- resource.klass = News
- resource.object = 'news'
- resource.parent = [ :course ]
- resource.create.params = { :title => 'test', :body => 'test', :receiver_id => 1 }
- resource.update.params = { :title => 'test', :body => 'test', :receiver_id => 1 }
- resource.denied.actions = [ :new, :edit, :create, :update, :destroy ]
- resource.denied.redirect = "'/login'"
- resource.denied.flash = /must be logged in/i
- end
- end
+ ## REST - usuários quaisquer
+ #context "A stranger" do
+ # setup { logout }
+ # should_be_restful do |resource|
+ # resource.klass = News
+ # resource.object = 'news'
+ # resource.parent = [ :course ]
+ # resource.create.params = { :title => 'test', :body => 'test', :receiver_id => 1 }
+ # resource.update.params = { :title => 'test', :body => 'test', :receiver_id => 1 }
+ # resource.denied.actions = [ :new, :edit, :create, :update, :destroy ]
+ # resource.denied.redirect = "'/login'"
+ # resource.denied.flash = /must be logged in/i
+ # end
+ #end
def test_should_accept_rss_on_index
get :index, :format => 'rss', :course_id => 1
diff --git a/test/functional/wiki_controller_test.rb b/test/functional/wiki_controller_test.rb
index 3b56185..ccab036 100644
--- a/test/functional/wiki_controller_test.rb
+++ b/test/functional/wiki_controller_test.rb
@@ -22,44 +22,245 @@ class WikiController; def rescue_action(e) raise e end; end
class WikiControllerTest < ActionController::TestCase
def setup
- @controller = WikiController.new
- @request = ActionController::TestRequest.new
- @response = ActionController::TestResponse.new
@course = Course.find(:first)
- @wiki_page = @course.wiki_pages.create(:title => 'test1', :content => 'test1', :description => 'test', :version => 1)
- @wiki_page.user = users(:bob)
+
+ @wiki_page = @course.wiki_pages.create(:title => 'test1', :content => 'content1',
+ :user_id => users(:bob).id, :description => 'test', :version => 1)
+ @wiki_page.save!
+ @wiki_page.title = 'new title'
@wiki_page.save!
+
+ @another_wiki_page = @course.wiki_pages.create(:title => 'another', :content => 'another',
+ :description => 'test', :user_id => users(:bob).id, :version => 1)
+ @another_wiki_page.move_to_bottom
+ @another_wiki_page.save!
+ @wiki_page.reload
+
+ LogEntry.delete_all
+ end
+
+ context "An anonymous user" do
+
+ should_request_login_on_post_to(:new, {:course_id => 1})
+ should_request_login_on_post_to(:create, {:course_id => 1})
+ should_request_login_on_post_to(:edit, {:course_id => 1, :id => 1})
+ should_request_login_on_post_to(:update, {:course_id => 1, :id => 1})
+ should_request_login_on_post_to(:destroy, {:course_id => 1, :id => 1})
+ should_request_login_on_post_to(:move_up, {:course_id => 1, :id => 1})
+ should_request_login_on_post_to(:move_down, {:course_id => 1, :id => 1})
+ should_request_login_on_post_to(:undelete, {:course_id => 1, :id => 1})
+
+ context "on get to :index" do
+ setup { get :index, :course_id => @course.id }
+ should_redirect_to('the course page') { course_url(@course) }
+ end
+
+ context "on get to :show" do
+ setup { get :show, :course_id => @course.id, :id => @wiki_page.id }
+
+ should_respond_with :success
+ should_render_template 'show'
+
+ should "show the wiki page" do
+ assert_select 'h1.title', @wiki_page.title
+ end
+
+ should "show the selected version" do
+ @wiki_page.revert_to(1)
+ get :show, :course_id => @course.id, :id => @wiki_page.id, :version => 1
+ assert_select 'h1.title', @wiki_page.title
+ end
+ end
+
+ context "on get to :versions" do
+ setup { get :versions, :course_id => @course.id, :id => @wiki_page.id }
+
+ should_respond_with :success
+ should_render_template 'versions'
+
+ should "show the wiki page versions" do
+ @wiki_page.versions.each do |v|
+ assert_select 'a[href=?]', course_wiki_instance_url(@course, @wiki_page, :version => v.version)
+ end
+ end
+ end
+
+ context "on get to :preview" do
+ context "with valid markup" do
+ setup { get :preview, :text => "hello {$x$} x" }
+
+ should_respond_with :success
+
+ should "display latex formulas" do
+ assert_select 'img[class=tex_inline]'
+ end
+
+ should "strip harmful tags" do
+ assert_select 'script', false
+ assert_select '*[onclick]', false
+ end
+ end
+
+ context "with invalid markup" do
+ setup { get :preview, :text => " @course.id, :id => @wiki_page.id, :from => 1, :to => 2 }
+ should_respond_with :success
+ should_assign_to :diff
+ end
+
end
- # REST - usuários autenticados
- context "A user" do
+ context "An authenticated user" do
setup { login_as :bob }
- should_be_restful do |resource|
- resource.klass = WikiPage
- resource.parent = [ :course ]
- resource.create.params = { :title => 'test2', :description => 'test', :content => 'test2', :course_id => 1 }
- resource.update.params = { :title => 'test3', :description => 'test', :content => 'test3', :course_id => 1 }
- resource.actions = [ :show, :new, :edit, :update, :create, :destroy ]
- resource.destroy.redirect = "course_url(@course)"
- resource.create.redirect = "course_wiki_url(@course, @wiki_page)"
- resource.update.redirect = "course_wiki_url(@course, @wiki_page)"
+
+ context "on get to :new" do
+ setup { get :new, :course_id => @course.id }
+ should_render_a_form
+ should_respond_with :success
+ end
+
+ context "on post to :create" do
+ setup do
+ assert_nil @course.wiki_pages.find_by_title('test2')
+ post :create, :course_id => @course.id, :wiki_page => { :title => 'test2', :content => 'test2' }
+ @wiki_page = @course.wiki_pages.find_by_title('test2')
+ end
+
+ should_set_the_flash_to(/created/i)
+ should_redirect_to('the wiki page') { course_wiki_instance_url(@course, @wiki_page) }
+ should_create_log_entry {[ WikiCreateLogEntry, @wiki_page.id, users(:bob).id ]}
+
+ should "create a new wiki page" do
+ assert @wiki_page
+ assert_equal @wiki_page.version, 1
+ assert_equal users(:bob).id, @wiki_page.user_id
+ end
end
+
+ context "on get to :edit" do
+ setup { get :edit, :course_id => @course.id, :id => @wiki_page.id }
+
+ should_render_a_form
+ should_render_template 'edit'
+
+ should "render a form with the correct fields" do
+ assert_select "input[name='wiki_page[title]'][value=?]", @wiki_page.title
+ assert_select "input[name='wiki_page[description]'][value=?]", ""
+ assert_select 'textarea', @wiki_page.content
+ end
+
+ should "edit the selected version" do
+ @wiki_page.revert_to(1)
+ get :edit, :course_id => @course.id, :id => @wiki_page.id, :version => 1
+ assert_select "input[name='wiki_page[title]'][value=?]", @wiki_page.title
+ assert_select 'textarea', @wiki_page.content
+ end
+ end
+
+ context "on post to :update" do
+ context "with unmodified data" do
+ setup do
+ post :update, :course_id => @course.id, :id => @wiki_page.id, :wiki_page => {
+ :title => @wiki_page.title, :content => @wiki_page.content}
+ end
+
+ should_not_set_the_flash
+ should_redirect_to('the wiki page') { course_wiki_instance_url(@course, @wiki_page) }
+
+ should "not create a new log entry" do
+ assert_nil WikiEditLogEntry.find(:first, :conditions => { :target_id => @wiki_page.id })
+ end
+ end
+
+ context "with new data" do
+ setup do
+ post :update, :course_id => @course.id, :id => @wiki_page.id, :wiki_page => {
+ :user_id => 999, :course_id => 999, # not user definable
+ :title => 'brand new title', :content => 'brand new content'}
+ @wiki_page.reload
+ end
+
+ should_set_the_flash_to(/updated/i)
+ should_redirect_to('the wiki page') { course_wiki_instance_url(@course, @wiki_page) }
+ should_create_log_entry {[ WikiEditLogEntry, @wiki_page.id, users(:bob).id ]}
+
+ should "update the wiki page" do
+ assert_equal "brand new title", @wiki_page.title
+ assert_equal "brand new content", @wiki_page.content
+ assert_equal users(:bob).id, @wiki_page.user_id
+ assert_equal @course.id, @wiki_page.course_id
+ end
+ end
+ end
+
+ context "on post to :destroy" do
+ setup { post :destroy, :course_id => @course.id, :id => @wiki_page.id }
+
+ should_set_the_flash_to(/removed/i)
+ should_redirect_to('the course page') { course_url(@course) }
+ should_create_log_entry {[ WikiDeleteLogEntry, @wiki_page.id, users(:bob).id ]}
+
+ should "delete the wiki page" do
+ @wiki_page = WikiPage.find_with_deleted(@wiki_page.id)
+ assert @wiki_page.deleted?
+ end
+ end
+
+ context "on get to :move_up" do
+ setup do
+ assert_equal 1, @wiki_page.position
+ assert_equal 2, @another_wiki_page.position
+ get :move_up, :course_id => @course.id, :id => @another_wiki_page.id
+ end
+
+ should_redirect_to('the course page') { course_url(@course) }
+
+ should "move the page up" do
+ @wiki_page.reload
+ @another_wiki_page.reload
+ assert_equal 2, @wiki_page.position
+ assert_equal 1, @another_wiki_page.position
+ end
+ end
+
+ context "on get to :move_down" do
+ setup do
+ assert_equal 1, @wiki_page.position
+ assert_equal 2, @another_wiki_page.position
+ get :move_down, :course_id => @course.id, :id => @wiki_page.id
+ end
+
+ should_redirect_to('the course page') { course_url(@course) }
+
+ should "move the page up" do
+ @wiki_page.reload
+ @another_wiki_page.reload
+ assert_equal 2, @wiki_page.position
+ assert_equal 1, @another_wiki_page.position
+ end
+ end
+
+ context "on post to :undelete" do
+ setup do
+ @wiki_page.destroy
+ post :undelete, :course_id => @course.id, :id => @wiki_page.id
+ end
+
+ should_redirect_to('the wiki page') { course_wiki_instance_url(@course, @wiki_page) }
+ should_create_log_entry {[ WikiRestoreLogEntry, @wiki_page.id, users(:bob).id ]}
+
+ should "restore the wiki page" do
+ assert WikiPage.find(@wiki_page.id)
+ end
+ end
+
end
- # REST - usuários quaisquer
- #context "A stranger" do
- # setup { logout }
- # should_be_restful do |resource|
- # resource.klass = WikiPage
- # resource.parent = [ :course ]
- # resource.create.params = { :title => 'test4', :description => 'test', :content => 'test4', :course_id => 1 }
- # resource.update.params = { :title => 'test5', :description => 'test', :content => 'test5', :course_id => 1 }
- # resource.actions = [ :show, :new, :edit, :update, :create, :destroy ]
- # resource.denied.actions = [ :new, :edit, :create, :update, :destroy ]
- # resource.denied.redirect = "'/login'"
- # resource.denied.flash = /must be logged in/i
- # end
- #end
#def test_should_accept_text_on_show
# get :show, :format => 'txt', :course_id => 1, :id => @wiki_page.id
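Review bot: The "strip harmful tags" test is vacuous: its input `"hello {$x$} x"` contains neither a `script` element nor an `onclick` attribute, so both `assert_select … false` checks pass whether or not `format_wiki` sanitizes anything; give that context its own `setup` whose `:text` includes a `script` element and an element carrying an `onclick` attribute, then keep the same two assertions. `assert_equal @wiki_page.version, 1` has expected and actual swapped, which only affects the failure message but reads wrong. The `should "move the page up"` label under `on get to :move_down` is a copy-paste leftover — `move the page down`. The `:new` and `:edit` checks use `should_request_login_on_post_to` although both are GET actions elsewhere in the file; if that macro issues a POST, those two may not exercise the path the app actually uses.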
diff --git a/test/unit/wiki_page_test.rb b/test/unit/wiki_page_test.rb
index 3be3e6a..4891d7e 100644
--- a/test/unit/wiki_page_test.rb
+++ b/test/unit/wiki_page_test.rb
@@ -18,6 +18,16 @@ require File.dirname(__FILE__) + '/../test_helper'
class WikiPageTest < ActiveSupport::TestCase
+ should "not delete versions on destroy" do
+ wp = WikiPage.new(:course_id => 1, :user_id => 1, :title => "t", :content => "c", :description => "d", :version => 1)
+ wp.save!
+ wp.destroy
+
+ wp = WikiPage.find_with_deleted(wp.id)
+ wp.recover!
+ assert !wp.versions.empty?
+ end
+
def test_should_create_new_version_when_editing
wp = WikiPage.new
assert !wp.save_version?
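Review bot: The new test only asserts that `versions` is non-empty after recovery, which would pass even if `destroy` dropped all but one version; capture `count = wp.versions.count` before `wp.destroy` and check `assert_equal count, wp.versions.count` after `recover!` to pin the behaviour the test name claims. Since the page is saved once and created with `:version => 1`, there is exactly one version here — saving a second change first would make the check meaningful.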
diff --git a/vendor/gems/bluecloth-1.0.0/lib/bluecloth.rb b/vendor/gems/bluecloth-1.0.0/lib/bluecloth.rb
index 34ed960..6bb6aed 100644
--- a/vendor/gems/bluecloth-1.0.0/lib/bluecloth.rb
+++ b/vendor/gems/bluecloth-1.0.0/lib/bluecloth.rb
@@ -260,36 +260,6 @@ class BlueCloth < String
#private
#######
- def sanitize_html(html, whitelist, attrs, blacklist)
- whitelist += attrs.keys
- page = Hpricot(html, :xhtml_strict => true)
-
- page.search("*").each do |e|
- if e.elem?
- tagname = e.name.downcase
- if blacklist.include?(tagname)
- e.swap("")
- elsif !whitelist.include?(tagname)
- e.parent.replace_child(e, e.children)
- elsif attrs.has_key?(tagname)
- e.attributes.each do |key, val|
- e.remove_attribute(key) if !attrs[tagname].include?(key.downcase)
-
- HTMLValueBlackList.each do |bad|
- e.remove_attribute(key) if val.downcase.gsub(/\s/, "").include?(bad.downcase)
- end
- end
- else
- e.attributes.each { |key, val| e.remove_attribute(key) }
- end
- elsif e.comment?
- e.swap('')
- end
- end
-
- page.to_s
- end
-
### Do block-level transforms on a copy of +str+ using the specified render
### state +rs+ and return the results.
def apply_block_transforms( str, rs )
@@ -321,10 +291,6 @@ class BlueCloth < String
end
}
- # Sanitize result
- @log.debug "Sanitizing HTML:\n %p" % text
- text = sanitize_html(text, HTMLWhiteList, HTMLAttrs, HTMLBlackList)
-
@log.debug "Done with block transforms:\n %p" % text
return text
end
@@ -454,7 +420,7 @@ class BlueCloth < String
# Block Latex
rval = rval.gsub(LatexBlockRegexp) {|block|
codeblock = $1.strip.gsub("\n", '%0A').gsub(/[ \t]+/, " ")
- codeblock = %{} %
+ codeblock = %{} %
[ encode_code( codeblock, rs ) ]
tokenize(codeblock, rs)
}
@@ -462,7 +428,7 @@ class BlueCloth < String
# Inline math
rval = rval.gsub( LatexInlineRegexp ) {|block|
codeblock = $1.strip
- codeblock = %{
} % [ encode_code( codeblock, rs ) ]
+ codeblock = %{
} % [ encode_code( codeblock, rs ) ]
tokenize(codeblock, rs)
}