Merge branch 'hotfix/no-html-conversion-for-hidden'0.6.8.1

author: Louise Crow <louise.crow@gmail.com> 2012-12-13 13:35:42 +0000
committer: Louise Crow <louise.crow@gmail.com> 2012-12-13 13:35:42 +0000
commit: 2e7ec67bfb99ee19e4fbadf9bebd9d0e0f4299d9 (patch)
tree: 2da09ec794193e1b08644902aa1276dbad33a8dc /app/controllers/request_controller.rb
parent: 2078f60edf819cae81b5f15bedf93db9bae4df53 (diff)
parent: 3910f7f545177cdb69a5ee0196ffa54a9dba0541 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb
index c732a4b32..2c95114e6 100644
--- a/app/controllers/request_controller.rb
+++ b/app/controllers/request_controller.rb
@@ -743,6 +743,12 @@ class RequestController < ApplicationController
     end
 
     def get_attachment_as_html
+
+        # The conversion process can generate files in the cache directory that can be served up
+        # directly by the webserver according to httpd.conf, so don't allow it unless that's OK.
+        if @files_can_be_cached != true
+            raise ActiveRecord::RecordNotFound.new("Attachment HTML not found.")
+        end
         get_attachment_internal(true)
 
         # images made during conversion (e.g. images in PDF files) are put in the cache directory, so
author	Louise Crow <louise.crow@gmail.com>	2012-12-13 13:35:42 +0000
committer	Louise Crow <louise.crow@gmail.com>	2012-12-13 13:35:42 +0000
commit	2e7ec67bfb99ee19e4fbadf9bebd9d0e0f4299d9 (patch)
tree	2da09ec794193e1b08644902aa1276dbad33a8dc /app/controllers/request_controller.rb
parent	2078f60edf819cae81b5f15bedf93db9bae4df53 (diff)
parent	3910f7f545177cdb69a5ee0196ffa54a9dba0541 (diff)