admin_data 1.1.4 → 1.1.5
Sign up to get free protection for your applications and to get access to all the features.
|
@@ -2,13 +2,13 @@ module AdminData
|
|
|
2
2
|
class PublicController < ApplicationController
|
|
3
3
|
|
|
4
4
|
def serve
|
|
5
|
+
path = File.join(AdminData.public_dir,params[:file]))
|
|
5
6
|
|
|
6
|
-
|
|
7
|
-
unless self.class.admin_data_assets.include? params[:file]
|
|
7
|
+
unless File.expanded_path(path) =~ /admin_data/
|
|
8
8
|
render :nothing => true, :status => 404 and return
|
|
9
9
|
end
|
|
10
10
|
|
|
11
|
-
opts = {:text => File.read(
|
|
11
|
+
opts = {:text => File.read(path), :cache => true}
|
|
12
12
|
|
|
13
13
|
case params[:file]
|
|
14
14
|
when /\.css$/i then opts[:content_type] = "text/css"
|
|
@@ -21,17 +21,5 @@ module AdminData
|
|
|
21
21
|
render opts
|
|
22
22
|
end
|
|
23
23
|
|
|
24
|
-
protected
|
|
25
|
-
|
|
26
|
-
# Cached list of all assets provided by admin_data
|
|
27
|
-
# It is used to ensure security in the serve method
|
|
28
|
-
def self.admin_data_assets
|
|
29
|
-
@admin_data_assets ||= (
|
|
30
|
-
Dir.glob(File.join(AdminData.public_dir, '**', '*')).map do |path|
|
|
31
|
-
# we want only relative paths
|
|
32
|
-
path.split(AdminData.public_dir, 2).last
|
|
33
|
-
end
|
|
34
|
-
)
|
|
35
|
-
end
|
|
36
24
|
end
|
|
37
25
|
end
|
data/lib/admin_data/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: admin_data
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
4
|
+
hash: 25
|
|
5
5
|
prerelease: false
|
|
6
6
|
segments:
|
|
7
7
|
- 1
|
|
8
8
|
- 1
|
|
9
|
-
-
|
|
10
|
-
version: 1.1.
|
|
9
|
+
- 5
|
|
10
|
+
version: 1.1.5
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- Neeraj Singh
|