Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Template without a known template handler should only be reachable th…

…rough its exact path. [#2027 state:resolved]

Signed-off-by: Joshua Peek <josh@joshpeek.com>
  • Loading branch information...
commit 85df4841ddb3db3970fa9e798de698cf6f16752a 1 parent b35562f
thedarkone authored josh committed
View
23 actionpack/lib/action_view/template.rb
@@ -103,12 +103,12 @@ def self.exempt_from_layout(*extensions)
@@exempt_from_layout.merge(regexps)
end
- attr_accessor :filename, :load_path, :base_path
+ attr_accessor :template_path, :filename, :load_path, :base_path
attr_accessor :locale, :name, :format, :extension
delegate :to_s, :to => :path
def initialize(template_path, load_path)
- template_path = template_path.dup
+ @template_path = template_path.dup
@load_path, @filename = load_path, File.join(load_path, template_path)
@base_path, @name, @locale, @format, @extension = split(template_path)
@base_path.to_s.gsub!(/\/$/, '') # Push to split method
@@ -119,13 +119,20 @@ def initialize(template_path, load_path)
def accessible_paths
paths = []
- paths << path
- paths << path_without_extension
- if multipart?
- formats = format.split(".")
- paths << "#{path_without_format_and_extension}.#{formats.first}"
- paths << "#{path_without_format_and_extension}.#{formats.second}"
+
+ if valid_extension?(extension)
+ paths << path
+ paths << path_without_extension
+ if multipart?
+ formats = format.split(".")
+ paths << "#{path_without_format_and_extension}.#{formats.first}"
+ paths << "#{path_without_format_and_extension}.#{formats.second}"
+ end
+ else
+ # template without explicit template handler should only be reachable through its exact path
+ paths << template_path
end
+
paths
end
View
10 actionpack/test/template/render_test.rb
@@ -224,6 +224,16 @@ def test_render_legacy_handler_with_custom_type
assert_equal 'source: Hello, <%= name %>!; locals: {:name=>"Josh"}', @view.render(:inline => "Hello, <%= name %>!", :locals => { :name => "Josh" }, :type => :foo)
end
+ def test_render_ignores_templates_with_malformed_template_handlers
+ %w(malformed malformed.erb malformed.html.erb malformed.en.html.erb).each do |name|
+ assert_raise(ActionView::MissingTemplate) { @view.render(:file => "test/malformed/#{name}") }
+ end
+ end
+
+ def test_template_with_malformed_template_handler_is_reachable_trough_its_exact_filename
+ assert_equal "Don't render me!", @view.render(:file => 'test/malformed/malformed.html.erb~')
+ end
+
def test_render_with_layout
assert_equal %(<title></title>\nHello world!\n),
@view.render(:file => "test/hello_world.erb", :layout => "layouts/yield")
Please sign in to comment.
Something went wrong with that request. Please try again.