From b08d495020117de12e7ec92e27516109dee88245 Mon Sep 17 00:00:00 2001
From: Martin Edenhofer
Date: Wed, 7 Jan 2015 22:28:15 +0100
Subject: [PATCH] Prevent having \n, \r or \t in title or subject.
---
 app/models/ticket.rb | 10 ++++++++--
 app/models/ticket/article.rb | 10 ++++++++++
 test/unit/ticket_test.rb | 10 ++++++----
 3 files changed, 24 insertions(+), 6 deletions(-)
diff --git a/app/models/ticket.rb b/app/models/ticket.rb
index 7c7e809db..9091e2a7c 100644
--- a/app/models/ticket.rb
+++ b/app/models/ticket.rb
@@ -14,8 +14,8 @@ class Ticket < ApplicationModel
 include Ticket::SearchIndex
 extend Ticket::Search
- before_create :check_generate, :check_defaults
- before_update :check_defaults
+ before_create :check_generate, :check_defaults, :check_title
+ before_update :check_defaults, :check_title
 before_destroy :destroy_dependencies
 after_create :notify_clients_after_create
 after_update :notify_clients_after_update
@@ -167,6 +167,12 @@ returns
 self.number = Ticket::Number.generate
 end
+ def check_title
+ if self.title
+ self.title.gsub!(/\s|\t|\r/, ' ')
+ end
+ end
+
 def check_defaults
 if !self.owner_id
 self.owner_id = 1
diff --git a/app/models/ticket/article.rb b/app/models/ticket/article.rb
index cf22c08e3..f2e2c2050 100644
--- a/app/models/ticket/article.rb
+++ b/app/models/ticket/article.rb
@@ -13,6 +13,8 @@ class Ticket::Article < ApplicationModel
 belongs_to :sender, :class_name => 'Ticket::Article::Sender'
 belongs_to :created_by, :class_name => 'User'
 belongs_to :updated_by, :class_name => 'User'
+ before_create :check_subject
+ before_update :check_subject
 after_create :notify_clients_after_create
 after_update :notify_clients_after_update
 after_destroy :notify_clients_after_destroy
@@ -27,6 +29,14 @@ class Ticket::Article < ApplicationModel
 :sender_id => true,
 }
+ private
+
+ def check_subject
+ if self.subject
+ self.subject.gsub!(/\s|\t|\r/, ' ')
+ end
+ end
+
 class Flag < ApplicationModel
 end
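Review bot: In `check_title` (second hunk of app/models/ticket.rb) and the identical `check_subject` in app/models/ticket/article.rb, the pattern `/\s|\t|\r/` carries two dead alternatives, because `\s` already matches tab and carriage return as well as newline. If the aim is to keep line breaks out of a value that may later be placed in a mail Subject header, a class that names the characters, `/[\r\n\t]/`, states that intent directly. Ruby's `\s` is ASCII-only, so Unicode line separators such as U+0085 or U+2028 pass through unchanged; `/[[:space:]]/` would cover them if downstream consumers treat them as breaks. `gsub!` also rewrites the string object in place: depending on how this Rails version stores assigned attribute values, the caller's own string may be the one modified, and a frozen string would raise. Assigning a new value avoids both, `self.title = title.gsub(/[\r\n\t]/, ' ')` and `self.subject = subject.gsub(/[\r\n\t]/, ' ')`.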
diff --git a/test/unit/ticket_test.rb b/test/unit/ticket_test.rb
index a4d03d1a6..4443a0c5b 100644
--- a/test/unit/ticket_test.rb
+++ b/test/unit/ticket_test.rb
@@ -4,7 +4,7 @@ require 'test_helper'
 class TicketTest < ActiveSupport::TestCase
 test 'ticket create' do
 ticket = Ticket.create(
- :title => 'some title äöüß',
+ :title => "some title\n äöüß",
 :group => Group.lookup( :name => 'Users'),
 :customer_id => 2,
 :state => Ticket::State.lookup( :name => 'new' ),
@@ -14,7 +14,7 @@ class TicketTest < ActiveSupport::TestCase
 )
 assert( ticket, "ticket created" )
- assert_equal( ticket.title, 'some title äöüß', 'ticket.title verify' )
+ assert_equal( ticket.title, 'some title äöüß', 'ticket.title verify' )
 assert_equal( ticket.group.name, 'Users', 'ticket.group verify' )
 assert_equal( ticket.state.name, 'new', 'ticket.state verify' )
@@ -46,14 +46,16 @@ class TicketTest < ActiveSupport::TestCase
 article_note = Ticket::Article.create(
 :ticket_id => ticket.id,
 :from => 'some person',
- :subject => 'some note',
- :body => 'some message',
+ :subject => "some\nnote",
+ :body => "some\n message",
 :internal => true,
 :sender => Ticket::Article::Sender.where(:name => 'Agent').first,
 :type => Ticket::Article::Type.where(:name => 'note').first,
 :updated_by_id => 1,
 :created_by_id => 1,
 )
+ assert_equal( article_note.subject, "some note", 'article_note.subject verify - inbound' )
+ assert_equal( article_note.body, "some\n message", 'article_note.body verify - inbound' )
 ticket = Ticket.find(ticket.id)
 assert_equal( ticket.article_count, 2, 'ticket.article_count verify - note' )
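Review bot: The changed fixtures in the first and third hunks of test/unit/ticket_test.rb exercise only `\n` and only the create path, while the commit promises `\n`, `\r` and `\t` and also registers the check on `before_update`. A title and subject containing `"\r\n"` and `"\t"` would pin the characters that matter for header safety. An update case would cover the second callback, e.g. `ticket.title = "a\r\nb"; ticket.save` followed by `assert_equal( ticket.title, 'a  b', 'ticket.title verify - update' )`. The expected value has two spaces because the model code replaces each matched character with one space.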