From 9e9c69c1357882d4221d1c511c3c7f6b36c094cc Mon Sep 17 00:00:00 2001
From: Azul <azul@riseup.net>
Date: Mon, 21 Nov 2016 11:52:39 +0100
Subject: bugfix: handle missing params for ticket gracefully

This used to trigger a 500.

Fixes #8395
---
 engines/support/app/controllers/tickets_controller.rb      |  8 +++++++-
 engines/support/test/functional/tickets_controller_test.rb | 10 ++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)

(limited to 'engines')

diff --git a/engines/support/app/controllers/tickets_controller.rb b/engines/support/app/controllers/tickets_controller.rb
index 8cccc2f..c20ef6a 100644
--- a/engines/support/app/controllers/tickets_controller.rb
+++ b/engines/support/app/controllers/tickets_controller.rb
@@ -19,7 +19,7 @@ class TicketsController < ApplicationController
   end
 
   def create
-    @ticket = Ticket.new(params[:ticket])
+    @ticket = Ticket.new ticket_params
 
     #protecting posted_by isn't working, so this should protect it:
     @ticket.comments.last.posted_by = current_user.id
@@ -89,6 +89,12 @@ class TicketsController < ApplicationController
     @title = t("layouts.title.tickets")
   end
 
+  def ticket_params
+    # make sure we have everything we need...
+    params.require(:ticket).require(:comments_attributes).require('0')
+    params.require(:ticket)
+  end
+
   private
 
   #
diff --git a/engines/support/test/functional/tickets_controller_test.rb b/engines/support/test/functional/tickets_controller_test.rb
index 5c2b346..2f1e661 100644
--- a/engines/support/test/functional/tickets_controller_test.rb
+++ b/engines/support/test/functional/tickets_controller_test.rb
@@ -78,6 +78,16 @@ class TicketsControllerTest < ActionController::TestCase
     assert_nil assigns(:tickets).detect{|t| t.created_by != @user}
   end
 
+
+  test "should rerender form on missing info" do
+    params = { :subject => "unauth ticket test subject",
+               :comments_attributes => {"0" => {}}
+             }
+    assert_raises ActionController::ParameterMissing do
+      post :create, :ticket => params
+    end
+  end
+
   test "should create unauthenticated ticket" do
     params = {:subject => "unauth ticket test subject", :comments_attributes => {"0" => {"body" =>"body of test ticket"}}}
 
-- 
cgit v1.2.3