deac/instiki
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Uploaded files in published webs should be accessible

Browse source 
File retrieval (but not file uploads) should be allowed on
a published web (this includes BlahTeX/PNG support).
(Reported by Ari Stern).
This commit is contained in:
Jacques Distler 2009-06-17 11:17:25 -05:00
parent 591c60de09
commit 155dc88891
4 changed files with 101 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

5
app/controllers/application_controller.rb
View file

@ -222,15 +222,14 @@ class ApplicationController < ActionController::Base
end
def authorization_needed?
not %w( login authenticate feeds published atom_with_headlines atom_with_content).include?(action_name)
not %w(login authenticate feeds published atom_with_headlines atom_with_content s5 file blahtex_png).include?(action_name)
end
def authorized?
@web.nil? or
@web.password.nil? or
cookies[CGI.escape(@web_name)] == @web.password or
password_check(params['password']) or
(@web.published? and action_name == 's5')
password_check(params['password'])
end
end