46 lines
1.1 KiB
Ruby
46 lines
1.1 KiB
Ruby
class SandboxController < ApplicationController
|
|
skip_authorization_check
|
|
|
|
layout :set_layout
|
|
|
|
helper_method(:namespace)
|
|
|
|
def index
|
|
@templates = Dir.glob(Rails.root.join("app", "views", "sandbox", "*.html.erb").to_s).map do |filename|
|
|
filename = File.basename(filename, File.extname(filename))
|
|
filename unless filename.starts_with?("_") || filename == "index.html"
|
|
end.compact
|
|
end
|
|
|
|
def show
|
|
if params[:template].index(".") # CVE-2014-0130
|
|
render action: "index"
|
|
elsif lookup_context.exists?("sandbox/#{params[:template]}")
|
|
if params[:template] == "index"
|
|
render action: "index"
|
|
else
|
|
render "sandbox/#{params[:template]}"
|
|
end
|
|
|
|
elsif lookup_context.exists?("sandbox/#{params[:template]}/index")
|
|
render "sandbox/#{params[:template]}/index"
|
|
else
|
|
render action: "index"
|
|
end
|
|
end
|
|
|
|
private
|
|
|
|
def set_layout
|
|
if params[:template] && params[:template].split("_").first == "admin"
|
|
"admin"
|
|
else
|
|
"application"
|
|
end
|
|
end
|
|
|
|
def namespace
|
|
"admin"
|
|
end
|
|
end
|