deac/instiki
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Rollback one change from previous commit

Browse source 
S5 should not be visible on unpublished, password-protected webs.
This commit is contained in:
Jacques Distler 2009-06-17 12:45:53 -05:00
parent 155dc88891
commit 73120cdc1c
2 changed files with 4 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
app/controllers/application_controller.rb
View file

@ -222,14 +222,15 @@ class ApplicationController < ActionController::Base
end
def authorization_needed?
not %w(login authenticate feeds published atom_with_headlines atom_with_content s5 file blahtex_png).include?(action_name)
not %w(login authenticate feeds published atom_with_headlines atom_with_content file blahtex_png).include?(action_name)
end
def authorized?
@web.nil? or
@web.password.nil? or
cookies[CGI.escape(@web_name)] == @web.password or
password_check(params['password'])
password_check(params['password']) or
(@web.published? and action_name == 's5')
end
end

2
app/controllers/file_controller.rb
View file

@ -38,7 +38,7 @@ class FileController < ApplicationController
end
def blahtex_png
send_file(@web.blahtex_pngs_path + '/' + params['id'])
send_file(@web.blahtex_pngs_path + '/' + params['id']) if check_authorized
end
def delete