aboutsummaryrefslogtreecommitdiffstats
path: root/app/controllers/request_controller.rb
diff options
context:
space:
mode:
Diffstat (limited to 'app/controllers/request_controller.rb')
-rw-r--r--app/controllers/request_controller.rb6
1 files changed, 6 insertions, 0 deletions
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb
index c732a4b32..2c95114e6 100644
--- a/app/controllers/request_controller.rb
+++ b/app/controllers/request_controller.rb
@@ -743,6 +743,12 @@ class RequestController < ApplicationController
end
def get_attachment_as_html
+
+ # The conversion process can generate files in the cache directory that can be served up
+ # directly by the webserver according to httpd.conf, so don't allow it unless that's OK.
+ if @files_can_be_cached != true
+ raise ActiveRecord::RecordNotFound.new("Attachment HTML not found.")
+ end
get_attachment_internal(true)
# images made during conversion (e.g. images in PDF files) are put in the cache directory, so