deac/instiki
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Rollback one change from previous commit

Browse source 
S5 should not be visible on unpublished, password-protected webs.
This commit is contained in:
Jacques Distler 2009-06-17 12:45:53 -05:00
parent 155dc88891
commit 73120cdc1c
2 changed files with 4 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
app/controllers/application_controller.rb
View file

@ -222,14 +222,15 @@ class ApplicationController < ActionController::Base
end end
def authorization_needed? def authorization_needed?
not %w(login authenticate feeds published atom_with_headlines atom_with_content s5 file blahtex_png).include?(action_name) not %w(login authenticate feeds published atom_with_headlines atom_with_content file blahtex_png).include?(action_name)
end end
def authorized? def authorized?
@web.nil? or @web.nil? or
@web.password.nil? or @web.password.nil? or
cookies[CGI.escape(@web_name)] == @web.password or cookies[CGI.escape(@web_name)] == @web.password or
password_check(params['password']) password_check(params['password']) or
(@web.published? and action_name == 's5')
end end
end end

2
app/controllers/file_controller.rb
View file

@ -38,7 +38,7 @@ class FileController < ApplicationController
end end
def blahtex_png def blahtex_png
send_file(@web.blahtex_pngs_path + '/' + params['id']) send_file(@web.blahtex_pngs_path + '/' + params['id']) if check_authorized
end end
def delete def delete