FIX: 1868 Security: Dangerous Send

2025-05-22 22:43:33 +08:00 · 2014-01-27 13:05:35 -05:00
parent 32d79494ad
commit 74f1c553e3
4 changed files with 49 additions and 2 deletions
--- a/spec/controllers/admin/site_settings_controller_spec.rb
+++ b/spec/controllers/admin/site_settings_controller_spec.rb
@ -25,6 +25,10 @@ describe Admin::SiteSettingsController do

    context 'update' do

+      before do
+        SiteSetting.setting(:test_setting, "default")
+      end
+
      it 'sets the value when the param is present' do
        SiteSetting.expects(:'test_setting=').with('hello').once
        xhr :put, :update, id: 'test_setting', test_setting: 'hello'
@ -41,6 +45,12 @@ describe Admin::SiteSettingsController do
        StaffActionLogger.any_instance.expects(:log_site_setting_change).with('test_setting', 'previous', 'hello')
        xhr :put, :update, id: 'test_setting', test_setting: 'hello'
      end
+
+      it 'fails when a setting does not exist' do
+        expect {
+          xhr :put, :update, id: 'provider', provider: 'gotcha'
+        }.to raise_error(ArgumentError)
+      end
    end

  end