IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-25 18:55:32 -06:00
Code Issues Packages Projects Releases Wiki Activity

SECURITY: Make sure uploaded_urls have corresponding upload records

Browse Source
This commit is contained in:
Robin Ward
2016-07-28 13:54:17 -04:00
parent cf5b756b1a
commit 2891f230d1
8 changed files with 67 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
spec/models/category_spec.rb
View File

@@ -12,6 +12,24 @@ describe Category do
is_expected.to validate_uniqueness_of(:name).scoped_to(:parent_category_id)
end
context "url validation" do
let(:user) { Fabricate(:user) }
let(:upload) { Fabricate(:upload) }
it "ensures logo_url is valid" do
expect(Fabricate.build(:category, user: user, logo_url: "---%")).not_to be_valid
expect(Fabricate.build(:category, user: user, logo_url: "http://example.com/made-up.jpg")).not_to be_valid
expect(Fabricate.build(:category, user: user, logo_url: upload.url)).to be_valid
end
it "ensures background_url is valid" do
expect(Fabricate.build(:category, user: user, background_url: ";test")).not_to be_valid
expect(Fabricate.build(:category, user: user, background_url: "http://example.com/no.jpg")).not_to be_valid
expect(Fabricate.build(:category, user: user, background_url: upload.url)).to be_valid
end
end
it 'validates uniqueness in case insensitive way' do
Fabricate(:category, name: "Cats")
cats = Fabricate.build(:category, name: "cats")