From ea03685aa9d09d7cd29e0ef875d3afa7758b29ea Mon Sep 17 00:00:00 2001
From: Matthew Landauer <matthew@openaustralia.org>
Date: Thu, 31 Jan 2013 13:23:19 +1100
Subject: There's really no need to test the internals of Rails

---
 app/controllers/request_controller.rb | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'app/controllers/request_controller.rb')

diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb
index c18a97443..500738b91 100644
--- a/app/controllers/request_controller.rb
+++ b/app/controllers/request_controller.rb
@@ -709,9 +709,13 @@ class RequestController < ApplicationController
             key_path = foi_fragment_cache_path(key)
             if foi_fragment_cache_exists?(key_path)
                 logger.info("Reading cache for #{key_path}")
-                raise PermissionDenied.new("Directory listing not allowed") if File.directory?(key_path)
-                render :text => foi_fragment_cache_read(key_path),
-                    :content_type => (AlaveteliFileTypes.filename_to_mimetype(params[:file_name].join("/")) || 'application/octet-stream')
+
+                if File.directory?(key_path)
+                    render :text => "Directory listing not allowed", :status => 403 
+                else
+                    render :text => foi_fragment_cache_read(key_path),
+                        :content_type => (AlaveteliFileTypes.filename_to_mimetype(params[:file_name].join("/")) || 'application/octet-stream')
+                end
                 return
             end
 
-- 
cgit v1.2.3