Diffstat (limited to 'app/controllers/content_controller.rb')
-rw-r--r--app/controllers/content_controller.rb26
1 files changed, 15 insertions, 11 deletions
diff --git a/app/controllers/content_controller.rb b/app/controllers/content_controller.rb
index 1b13456..c62b726 100644
--- a/app/controllers/content_controller.rb
+++ b/app/controllers/content_controller.rb
@@ -1,30 +1,30 @@
1class ContentController < ApplicationController 1class ContentController < ApplicationController
2 2
3 # Public 3 # Public
4 4
5 before_filter :find_page 5 before_filter :find_page
6 6
7 # This is the method that renders most of the the public content. It recieves 7 # This is the method that renders most of the the public content. It recieves
8 # a :locale and a :page_path parameter through the params hash. It looks up 8 # a :locale and a :page_path parameter through the params hash. It looks up
9 # the node with the corresponding unique_name attribute. The method doesn't 9 # the node with the corresponding unique_name attribute. The method doesn't
10 # return a node though, the node is really a proxy object for pages. It 10 # return a node though, the node is really a proxy object for pages. It
11 # returns the most recent page associated to this node instead. 11 # returns the most recent page associated to this node instead.
12 def render_page 12 def render_page
13 13
14 expires_in 20.minutes, :public => true 14 expires_in 20.minutes, :public => true
15 15
16 if @page and @page.public? 16 if @page and @page.public?
17 render( 17 render(
18 :file => @page.valid_template, 18 :file => @page.valid_template,
19 :layout => true 19 :layout => true
20 ) 20 )
21 else 21 else
22 render( 22 render(
23 :file => File.join(RAILS_ROOT, 'public', '404.html'), 23 :file => File.join(RAILS_ROOT, 'public', '404.html'),
24 :status => 404 24 :status => 404
25 ) 25 )
26 end 26 end
27 27
28 end 28 end
29 29
30 def render_gallery 30 def render_gallery
@@ -35,10 +35,14 @@ class ContentController < ApplicationController
35 render :nothing => true, :status => 404 35 render :nothing => true, :status => 404
36 end 36 end
37 end 37 end
38 38
39 private 39 private
40 def find_page 40 def find_page
41 path = params[:page_path].join('/') 41 path = params[:page_path].join('/')
42 @page = Node.find_page(path) 42 if path =~ /^[a-zA-Z\:\/\/\.\-\d_]+$/
43 @page = Node.find_page(path)
44 else
45 @page = nil
46 end
43 end 47 end
44end 48end
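Review bot: The new allow-list check in find_page anchors its pattern with `^` and `$`, which in Ruby match at line boundaries rather than at the ends of the string, so a path containing a newline passes as long as one of its lines matches, and the whole value is still handed to Node.find_page. Anchor on the full string instead: `if path =~ /\A[a-zA-Z:\/.\-\d_]+\z/` (same character class, with the redundant escapes and the duplicated `\/` dropped). The class also still admits `.` and `/`, so `..` segments pass the check; whether that matters depends on how Node.find_page and `@page.valid_template` (rendered through `:file` in render_page) resolve the value, which this diff does not show. A short comment above the check, such as `# Reject any page_path outside the allow-listed characters before the lookup`, would record why the filter exists.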