Set up sandbox

2016-11-30 13:39:58 +01:00
parent ee8386c479
commit 54f8549c43
4 changed files with 106 additions and 0 deletions
--- a/app/controllers/sandbox_controller.rb
+++ b/app/controllers/sandbox_controller.rb
@@ -0,0 +1,27 @@
+class SandboxController < ApplicationController
+  skip_authorization_check
+
+  def index
+    @templates = Dir.glob(Rails.root.join('app/views/sandbox/*.html.erb').to_s).map do |filename|
+      filename = File.basename(filename, File.extname(filename))
+      filename unless filename.starts_with?('_') || filename == 'index.html'
+    end.compact
+  end
+
+  def show
+    if params[:template].index('.') # CVE-2014-0130
+      render :action => "index"
+    elsif lookup_context.exists?("sandbox/#{params[:template]}")
+      if params[:template] == "index"
+        render :action => "index"
+      else
+        render "sandbox/#{params[:template]}"
+      end
+
+    elsif lookup_context.exists?("sandbox/#{params[:template]}/index")
+      render "sandbox/#{params[:template]}/index"
+    else
+      render :action => "index"
+    end
+  end
+end