2013-02-05 14:16:51 -05:00
|
|
|
class StaticController < ApplicationController
|
|
|
|
|
|
2013-06-04 18:32:36 -04:00
|
|
|
skip_before_filter :check_xhr, :redirect_to_login_if_required
|
2013-08-27 11:30:58 -04:00
|
|
|
skip_before_filter :verify_authenticity_token, only: [:enter]
|
2013-02-05 14:16:51 -05:00
|
|
|
|
|
|
|
|
def show
|
|
|
|
|
|
2013-10-30 16:37:22 -04:00
|
|
|
return redirect_to('/') if current_user && params[:id] == 'login'
|
|
|
|
|
|
2013-06-27 03:15:59 -04:00
|
|
|
map = {
|
|
|
|
|
"faq" => "faq_url",
|
|
|
|
|
"tos" => "tos_url",
|
|
|
|
|
"privacy" => "privacy_policy_url"
|
|
|
|
|
}
|
|
|
|
|
|
2013-02-05 14:16:51 -05:00
|
|
|
page = params[:id]
|
|
|
|
|
|
2013-06-27 03:15:59 -04:00
|
|
|
if site_setting_key = map[page]
|
|
|
|
|
url = SiteSetting.send(site_setting_key)
|
|
|
|
|
return redirect_to(url) unless url.blank?
|
|
|
|
|
end
|
2013-06-18 10:52:04 -04:00
|
|
|
|
2014-07-10 12:58:34 -04:00
|
|
|
# The /guidelines route ALWAYS shows our FAQ, ignoring the faq_url site setting.
|
|
|
|
|
page = 'faq' if page == 'guidelines'
|
|
|
|
|
|
2013-02-05 14:16:51 -05:00
|
|
|
# Don't allow paths like ".." or "/" or anything hacky like that
|
|
|
|
|
page.gsub!(/[^a-z0-9\_\-]/, '')
|
|
|
|
|
|
2013-03-03 10:27:32 -05:00
|
|
|
file = "static/#{page}.#{I18n.locale}"
|
|
|
|
|
|
|
|
|
|
# if we don't have a localized version, try the English one
|
|
|
|
|
if not lookup_context.find_all("#{file}.html").any?
|
|
|
|
|
file = "static/#{page}.en"
|
|
|
|
|
end
|
|
|
|
|
|
2013-07-16 06:49:04 -04:00
|
|
|
if not lookup_context.find_all("#{file}.html").any?
|
|
|
|
|
file = "static/#{page}"
|
|
|
|
|
end
|
|
|
|
|
|
2013-03-03 10:27:32 -05:00
|
|
|
if lookup_context.find_all("#{file}.html").any?
|
2014-07-10 12:58:34 -04:00
|
|
|
@faq_overriden = !SiteSetting.faq_url.blank?
|
2013-03-03 10:27:32 -05:00
|
|
|
render file, layout: !request.xhr?, formats: [:html]
|
2013-02-05 14:16:51 -05:00
|
|
|
return
|
|
|
|
|
end
|
|
|
|
|
|
2013-05-19 20:29:49 -04:00
|
|
|
raise Discourse::NotFound
|
2013-02-05 14:16:51 -05:00
|
|
|
end
|
|
|
|
|
|
2013-03-13 10:22:56 -04:00
|
|
|
# This method just redirects to a given url.
|
|
|
|
|
# It's used when an ajax login was successful but we want the browser to see
|
|
|
|
|
# a post of a login form so that it offers to remember your password.
|
|
|
|
|
def enter
|
|
|
|
|
params.delete(:username)
|
|
|
|
|
params.delete(:password)
|
|
|
|
|
|
2013-06-04 18:34:54 -04:00
|
|
|
redirect_to(
|
|
|
|
|
if params[:redirect].blank? || params[:redirect].match(login_path)
|
2013-07-01 14:00:06 -04:00
|
|
|
"/"
|
2013-06-04 18:34:54 -04:00
|
|
|
else
|
|
|
|
|
params[:redirect]
|
|
|
|
|
end
|
|
|
|
|
)
|
|
|
|
|
end
|
2014-05-18 18:46:09 -04:00
|
|
|
|
2014-07-25 01:10:06 -04:00
|
|
|
skip_before_filter :store_incoming_links, :verify_authenticity_token, only: [:cdn_asset]
|
2014-05-18 18:46:09 -04:00
|
|
|
def cdn_asset
|
2014-07-10 03:29:38 -04:00
|
|
|
path = File.expand_path(Rails.root + "public/assets/" + params[:path])
|
|
|
|
|
|
|
|
|
|
# SECURITY what if path has /../
|
|
|
|
|
unless path.start_with?(Rails.root.to_s + "/public/assets")
|
|
|
|
|
raise Discourse::NotFound
|
|
|
|
|
end
|
|
|
|
|
|
2014-05-18 18:46:09 -04:00
|
|
|
expires_in 1.year, public: true
|
|
|
|
|
response.headers["Access-Control-Allow-Origin"] = params[:origin]
|
2014-07-08 00:48:20 -04:00
|
|
|
begin
|
|
|
|
|
response.headers["Last-Modified"] = File.ctime(path).httpdate
|
|
|
|
|
rescue Errno::ENOENT
|
|
|
|
|
raise Discourse::NotFound
|
|
|
|
|
end
|
2014-05-18 18:46:09 -04:00
|
|
|
opts = {
|
|
|
|
|
disposition: nil
|
|
|
|
|
}
|
|
|
|
|
opts[:type] = "application/x-javascript" if path =~ /\.js$/
|
2014-07-10 02:32:06 -04:00
|
|
|
|
|
|
|
|
# we must disable acceleration otherwise NGINX strips
|
|
|
|
|
# access control headers
|
2014-07-10 03:01:21 -04:00
|
|
|
request.env['sendfile.type'] = ''
|
2014-05-18 18:46:09 -04:00
|
|
|
send_file(path, opts)
|
|
|
|
|
end
|
2013-02-07 10:45:24 -05:00
|
|
|
end
|
