Welcome to sandbox
+ +-
+ <% @templates.each do |template| %>
+
- <%= link_to template, "/sandbox/" + template %> + <% end %> +
diff --git a/app/controllers/sandbox_controller.rb b/app/controllers/sandbox_controller.rb
new file mode 100644
index 000000000..12b5dd91e
--- /dev/null
+++ b/app/controllers/sandbox_controller.rb
@@ -0,0 +1,45 @@
+class SandboxController < ApplicationController
+ skip_authorization_check
+
+ layout :set_layout
+
+ helper_method(:namespace)
+
+ def index
+ @templates = Dir.glob(Rails.root.join('app/views/sandbox/*.html.erb').to_s).map do |filename|
+ filename = File.basename(filename, File.extname(filename))
+ filename unless filename.starts_with?('_') || filename == 'index.html'
+ end.compact
+ end
+
+ def show
+ if params[:template].index('.') # CVE-2014-0130
+ render :action => "index"
+ elsif lookup_context.exists?("sandbox/#{params[:template]}")
+ if params[:template] == "index"
+ render :action => "index"
+ else
+ render "sandbox/#{params[:template]}"
+ end
+
+ elsif lookup_context.exists?("sandbox/#{params[:template]}/index")
+ render "sandbox/#{params[:template]}/index"
+ else
+ render :action => "index"
+ end
+ end
+
+ private
+
+ def set_layout
+ if params[:template] && params[:template].split("_").first == "admin"
+ "admin"
+ else
+ "application"
+ end
+ end
+
+ def namespace
+ "admin"
+ end
+end
diff --git a/app/views/sandbox/index.html.erb b/app/views/sandbox/index.html.erb
new file mode 100644
index 000000000..9d6303698
--- /dev/null
+++ b/app/views/sandbox/index.html.erb
@@ -0,0 +1,13 @@
+
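Review bot: `show` dereferences `params[:template]` with no nil guard in `if params[:template].index('.')`, so a request that reaches the action without the parameter raises NoMethodError instead of falling back to the index render every other branch uses; `set_layout` in the same hunk already guards the same value with `params[:template] && …`, and `show` should match it, e.g. `template = params[:template].to_s` followed by `if template.empty? || template.include?('.')`. That dot check is the only thing keeping the interpolated `render "sandbox/#{params[:template]}"` inside `app/views/sandbox/`, and the bare `# CVE-2014-0130` tag does not say why a dot is rejected; a comment such as `# reject '.' so the interpolated template name cannot escape app/views/sandbox/ (CVE-2014-0130)` would stop a later maintainer from loosening it. `skip_authorization_check` makes every template under `app/views/sandbox/`, including the `admin_*` ones rendered in the admin layout, reachable by anyone who passes whatever authentication ApplicationController applies (not visible here); if that is intentional, a one-line comment on that line stating so, or a `before_action` restricting the controller to non-production environments, would document the decision. As a point of style, the three `render :action => "index"` branches could collapse into a single fallback written as `render :index`.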