Project

General

Profile

Feature #24808 » 0002-oauth-Prevent-hash-type-URLs-from-being-namespaced-i.patch

Jens Krämer, 2020-07-21 13:05

View differences:

lib/redmine/menu_manager.rb
180 180
          url = '#'
181 181
          options.reverse_merge!(:onclick => 'return false;')
182 182
        end
183
        link_to(h(caption), url, options)
183
        link_to(h(caption), use_absolute_controller(url), options)
184 184
      end
185 185

  
186 186
      def render_unattached_menu_item(menu_item, project)
187 187
        raise MenuError, ":child_menus must be an array of MenuItems" unless menu_item.is_a? MenuItem
188 188

  
189 189
        if menu_item.allowed?(User.current, project)
190
          link_to(menu_item.caption, menu_item.url, menu_item.html_options)
190
          link_to(menu_item.caption, use_absolute_controller(menu_item.url), menu_item.html_options)
191 191
        end
192 192
      end
193 193

  
......
229 229
        raise MenuError, ":child_menus must be an array of MenuItems" unless node.is_a? MenuItem
230 230
        node.allowed?(user, project)
231 231
      end
232

  
233
      # Prevent hash type URLs (e.g. {controller: 'foo', action: 'bar}) from being namespaced
234
      # when menus are rendered from views in namespaced controllers in plugins or engines
235
      def use_absolute_controller(url)
236
        if url.is_a?(Hash) && url[:controller].present? && !url[:controller].start_with?('/')
237
          url[:controller] = "/#{url[:controller]}"
238
        end
239
        url
240
      end
232 241
    end
233 242

  
234 243
    class << self
(13-13/24)