archive/BookStackApp_BookStack
0
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-04-24 12:43:07 +00:00
Code Issues Projects Releases Wiki Activity

Added 404 response for non-existing setting categories

Browse source 
- Added test to cover.
This commit is contained in:
Dan Brown 2022-03-28 11:16:20 +01:00
parent 895f656897
commit 7c12920dc8
No known key found for this signature in database
GPG key ID: 46D9F943C24A2EF9
2 changed files with 19 additions and 0 deletions
app/Http/Controllers
SettingController.php
tests/Settings
SettingsTest.php

11
app/Http/Controllers/SettingController.php
View file

@ -11,6 +11,8 @@ class SettingController extends Controller
{ {
protected ImageRepo $imageRepo; protected ImageRepo $imageRepo;
protected array $settingCategories = ['features', 'customization', 'registration'];
public function __construct(ImageRepo $imageRepo) public function __construct(ImageRepo $imageRepo)
{ {
$this->imageRepo = $imageRepo; $this->imageRepo = $imageRepo;
@ -21,6 +23,7 @@ class SettingController extends Controller
*/ */
public function index(string $category) public function index(string $category)
{ {
$this->ensureCategoryExists($category);
$this->checkPermission('settings-manage'); $this->checkPermission('settings-manage');
$this->setPageTitle(trans('settings.settings')); $this->setPageTitle(trans('settings.settings'));
@ -39,6 +42,7 @@ class SettingController extends Controller
*/ */
public function update(Request $request, string $category) public function update(Request $request, string $category)
{ {
$this->ensureCategoryExists($category);
$this->preventAccessInDemoMode(); $this->preventAccessInDemoMode();
$this->checkPermission('settings-manage'); $this->checkPermission('settings-manage');
$this->validate($request, [ $this->validate($request, [
@ -73,4 +77,11 @@ class SettingController extends Controller
return redirect("/settings/${category}"); return redirect("/settings/${category}");
} }
protected function ensureCategoryExists(string $category): void
{
if (!in_array($category, $this->settingCategories)) {
abort(404);
}
}
} }

8
tests/Settings/SettingsTest.php
View file

@ -28,4 +28,12 @@ class SettingsTest extends TestCase
$resp->assertElementExists("form[action$=\"/settings/{$category}\"]"); $resp->assertElementExists("form[action$=\"/settings/{$category}\"]");
} }
} }
public function test_not_found_setting_category_throws_404()
{
$resp = $this->asAdmin()->get('/settings/biscuits');
$resp->assertStatus(404);
$resp->assertSee('Page Not Found');
}
} }