discourse/app/controllers/static_controller.rb

class StaticController < ApplicationController

  skip_before_filter :check_xhr, :redirect_to_login_if_required

  def show

    page = params[:id]

    return redirect_to(SiteSetting.tos_url) if page == 'tos' and !SiteSetting.tos_url.blank?
    return redirect_to(SiteSetting.privacy_policy_url) if page == 'privacy' and !SiteSetting.privacy_policy_url.blank?

    # Don't allow paths like ".." or "/" or anything hacky like that
    page.gsub!(/[^a-z0-9\_\-]/, '')

    file = "static/#{page}.#{I18n.locale}"

    # if we don't have a localized version, try the English one
    if not lookup_context.find_all("#{file}.html").any?
      file = "static/#{page}.en"
    end

    if lookup_context.find_all("#{file}.html").any?
      render file, layout: !request.xhr?, formats: [:html]
      return
    end

    raise Discourse::NotFound
  end

  # This method just redirects to a given url.
  # It's used when an ajax login was successful but we want the browser to see
  # a post of a login form so that it offers to remember your password.
  def enter
    params.delete(:username)
    params.delete(:password)

    redirect_to(
      if params[:redirect].blank? || params[:redirect].match(login_path)
        root_path
      else
        params[:redirect]
      end
    )
  end
end
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`class StaticController < ApplicationController`

Redirect all controllers to login if required We want to skip the filter for sessions controller so that we can login and we want to skip the filter for static pages because those should be visible to visitors. 2013-06-04 18:32:36 -04:00			`skip_before_filter :check_xhr, :redirect_to_login_if_required`
Initial release of Discourse 2013-02-05 14:16:51 -05:00
			`def show`

			`page = params[:id]`

tos and privacy urls redirect based on site settings 2013-06-18 10:52:04 -04:00			`return redirect_to(SiteSetting.tos_url) if page == 'tos' and !SiteSetting.tos_url.blank?`
			`return redirect_to(SiteSetting.privacy_policy_url) if page == 'privacy' and !SiteSetting.privacy_policy_url.blank?`

Initial release of Discourse 2013-02-05 14:16:51 -05:00			`# Don't allow paths like ".." or "/" or anything hacky like that`
			`page.gsub!(/[^a-z0-9\_\-]/, '')`

implement translations into static pages (FAQ, TOS) + an example of CZ translation 2013-03-03 10:27:32 -05:00			`file = "static/#{page}.#{I18n.locale}"`

			`# if we don't have a localized version, try the English one`
			`if not lookup_context.find_all("#{file}.html").any?`
			`file = "static/#{page}.en"`
			`end`

			`if lookup_context.find_all("#{file}.html").any?`
			`render file, layout: !request.xhr?, formats: [:html]`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`return`
			`end`

get rid of nonsense 404.html correct 404 handling for invalid pages 2013-05-19 20:29:49 -04:00			`raise Discourse::NotFound`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`

Support for browser password managers, but doesn't quite work in IE 2013-03-13 10:22:56 -04:00			`# This method just redirects to a given url.`
			`# It's used when an ajax login was successful but we want the browser to see`
			`# a post of a login form so that it offers to remember your password.`
			`def enter`
			`params.delete(:username)`
			`params.delete(:password)`

Redirect to root after login if no path provided If we do not do this, then people that login from /login will just be redirected back to the login page. We'd rather have them see the root path. 2013-06-04 18:34:54 -04:00			`redirect_to(`
			`if params[:redirect].blank? \|\| params[:redirect].match(login_path)`
			`root_path`
			`else`
			`params[:redirect]`
			`end`
			`)`
			`end`
Fix all the trailing whitespace 2013-02-07 10:45:24 -05:00			`end`