zydronium/neocities
1
0
Fork 0
mirror of https://github.com/neocities/neocities.git synced 2025-07-23 02:56:05 +02:00
Code Issues Projects Releases Packages Wiki Activity

Fix bug allowing you to delete your own site directory

Browse source
This commit is contained in:
Kyle Drake 2015-06-07 21:54:25 -07:00
parent 092eb4536f
commit 397f34a014
3 changed files with 26 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

21
tests/api_tests.rb
View file

@ -107,6 +107,27 @@ describe 'api delete' do
res[:error_type].must_equal 'missing_files'
end
it 'fails to delete site directory' do
create_site
basic_authorize @user, @pass
post '/api/delete', filenames: ['/']
res[:error_type].must_equal 'cannot_delete_site_directory'
File.exist?(@site.files_path).must_equal true
end
it 'fails to delete other directories' do
create_site
@other_site = @site
create_site
basic_authorize @user, @pass
post '/api/delete', filenames: ["../#{@other_site.username}"]
File.exist?(@other_site.base_files_path).must_equal true
res[:error_type].must_equal 'missing_files'
post '/api/delete', filenames: ["../#{@other_site.username}/index.html"]
File.exist?(@other_site.base_files_path+'/index.html').must_equal true
res[:error_type].must_equal 'missing_files'
end
it 'succeeds with valid filenames' do
create_site
basic_authorize @user, @pass