From 43bd77a1ad43d7cb24117bf3973f841221fd2c6e Mon Sep 17 00:00:00 2001
From: Seb Bacon <seb.bacon@gmail.com>
Date: Thu, 12 Jan 2012 07:47:16 +0000
Subject: Return 403 when attachment "folders" are spidered.  Fixes #340

---
 app/controllers/application_controller.rb | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'app/controllers/application_controller.rb')

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 8fd2da54a..05f88a6b2 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -11,6 +11,8 @@
 require 'open-uri'
 
 class ApplicationController < ActionController::Base
+    class PermissionDenied < StandardError
+    end
     # Standard headers, footers and navigation for whole site
     layout "default"
     include FastGettext::Translation # make functions like _, n_, N_ etc available)
@@ -120,6 +122,8 @@ class ApplicationController < ActionController::Base
         case exception
         when ActiveRecord::RecordNotFound, ActionController::UnknownAction, ActionController::RoutingError
             @status = 404
+        when PermissionDenied
+            @status = 403
         else
             @status = 500
             notify_about_exception exception
@@ -189,7 +193,7 @@ class ApplicationController < ActionController::Base
         return File.exists?(key_path)
     end
     def foi_fragment_cache_read(key_path)
-        cached = File.read(key_path)
+        return File.read(key_path)
     end
     def foi_fragment_cache_write(key_path, content)
         FileUtils.mkdir_p(File.dirname(key_path))
-- 
cgit v1.2.3