0001-Allow-to-download-javascript-attachments-again.patch - Redmine

Patch #23376 » 0001-Allow-to-download-javascript-attachments-again.patch

Holger Just, 2016-07-19 17:47

       before_action :delete_authorize, :only => :destroy
       before_action :authorize_global, :only => :upload
       # Disable check for same origin requests for JS files, i.e. attachments with
       # MIME type text/javascript.
       skip_after_filter :verify_same_origin_request, :only => :download
       accept_api_auth :show, :download, :thumbnail, :upload, :destroy
       def show

       filename: root_attachment.txt
       filesize: 54
       author_id: 2
     attachments_021:
       created_on: 2016-07-19 15:07:27 +02:00
       downloads: 0
       content_type: text/javascript
       disk_filename: 160719150727_script.js
       disk_directory: "2016/07"
       container_id: 3
       digest: bc279813fab770379fd219f1722ccc3a
       id: 21
       container_type: Issue
       filesize: 16
       filename: script.js
       author_id: 2

test/fixtures/files/2016/07/160719150727_script.js
	1	alert('Hello');

         set_tmp_attachments_directory
       end
       def test_download_js_file
         get :download, :id => 21
         assert_response :success
         assert_equal 'text/javascript', @response.content_type
         set_tmp_attachments_directory
       end
       def test_download_version_file_with_issue_tracking_disabled
         Project.find(1).disable_module! :issue_tracking
         get :download, :id => 9

         get '/issues/3.xml?include=attachments'
         assert_select 'issue attachments[type=array]' do
           assert_select 'attachment', 4
           assert_select 'attachment', 5
           assert_select 'attachment id', :text => '1' do
             assert_select '~ filename', :text => 'error281.txt'
             assert_select '~ content_url', :text => 'http://www.example.com/attachments/download/1/error281.txt'

(1-1/1)