github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-22 04:41:25 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Revert "Revert "Merge branch 'master' of https://github.com/discourse/discourse""

Browse Source 
This reverts commit 20780a1eeed56b321daf18ee6bbfe681a51d1bf4.

* SECURITY: re-adds accidentally reverted commit:
  03d26cd6: ensure embed_url contains valid http(s) uri
* when the merge commit e62a85cf was reverted, git chose the 2660c2e2 parent to land on
  instead of the 03d26cd6 parent (which contains security fixes)
This commit is contained in:
Michael Brown
2020-05-23 00:56:13 -04:00
parent 20780a1eee
commit d9a02d1336
236 changed files with 1031 additions and 715 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
spec/requests/posts_controller_spec.rb
View File

@ -675,6 +675,17 @@ describe PostsController do
I18n.t("invalid_params", message: "category")
)
end
it 'will raise an error if specified embed_url is invalid' do
user = Fabricate(:admin)
master_key = Fabricate(:api_key).key
post "/posts.json",
params: { title: 'this is a test title', raw: 'this is test body', embed_url: '/test.txt' },
headers: { HTTP_API_USERNAME: user.username, HTTP_API_KEY: master_key }
expect(response.status).to eq(422)
end
end
describe "when logged in" do