path: root/app/controllers/content_controller.rb
Diffstat (limited to 'app/controllers/content_controller.rb')
-rw-r--r--app/controllers/content_controller.rb39
1 files changed, 22 insertions, 17 deletions
diff --git a/app/controllers/content_controller.rb b/app/controllers/content_controller.rb
index 1b13456..8d33105 100644
--- a/app/controllers/content_controller.rb
+++ b/app/controllers/content_controller.rb
@@ -1,30 +1,31 @@
1class ContentController < ApplicationController 1class ContentController < ApplicationController
2 2
3 # Public 3 # Public
4 4
5 before_filter :find_page 5 before_action :find_page
6 6
7 # This is the method that renders most of the the public content. It recieves 7 # This is the method that renders most of the the public content. It recieves
8 # a :locale and a :page_path parameter through the params hash. It looks up 8 # a :locale and a :page_path parameter through the params hash. It looks up
9 # the node with the corresponding unique_name attribute. The method doesn't 9 # the node with the corresponding unique_name attribute. The method doesn't
10 # return a node though, the node is really a proxy object for pages. It 10 # return a node though, the node is really a proxy object for pages. It
11 # returns the most recent page associated to this node instead. 11 # returns the most recent page associated to this node instead.
12 def render_page 12 def render_page
13 13
14 expires_in 20.minutes, :public => true 14 expires_in 20.minutes, :public => true
15 15
16 if @page and @page.public? 16 if @page and @page.public?
17 render( 17 render(
18 :file => @page.valid_template, 18 :template => @page.valid_template,
19 :layout => true 19 :layout => true
20 ) 20 )
21 else 21 else
22 render( 22 render(
23 :file => File.join(RAILS_ROOT, 'public', '404.html'), 23 :file => Rails.root.join('public', '404.html').to_s,
24 :status => 404 24 :status => 404,
25 :layout => false
25 ) 26 )
26 end 27 end
27 28
28 end 29 end
29 30
30 def render_gallery 31 def render_gallery
@@ -32,13 +33,17 @@ class ContentController < ApplicationController
32 @images = @page.assets.images 33 @images = @page.assets.images
33 render :file => "content/gallery" 34 render :file => "content/gallery"
34 else 35 else
35 render :nothing => true, :status => 404 36 head :not_found
36 end 37 end
37 end 38 end
38 39
39 private 40 private
40 def find_page 41 def find_page
41 path = params[:page_path].join('/') 42 path = params[:page_path].is_a?(Array) ? params[:page_path].join('/') : params[:page_path]
42 @page = Node.find_page(path) 43 if path =~ /^[a-zA-Z\:\/\/\.\-\d_]+$/
44 @page = Node.find_page(path)
45 else
46 @page = nil
47 end
43 end 48 end
44end 49end
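Review bot: The allow-list check added in `find_page` anchors its pattern with `^` and `$`, which in Ruby match at line boundaries rather than at the start and end of the string, so a multi-line `page_path` is accepted as soon as any single line fits the character class. Anchor the whole string instead: `if path.is_a?(String) && path =~ /\A[a-zA-Z:\/.\-\d_]+\z/`. The `is_a?(String)` guard also covers the case where `params[:page_path]` arrives as a hash or other non-string value, which the new ternary passes through unchanged. Separately, the class still admits `.` and `/`, so `..` segments pass the filter; whether that matters depends on `Node.find_page` and `valid_template`, which are not visible in this diff, but it is worth confirming now that the result feeds `render :template`.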