Download as
Browse Code »

Commit 58e9c3655248914b1b6a0b3b68fcc4ccfafd73b7

Authored by Antonio Terceiro
1 parent 915f2250
Exists in master and in 29 other branches add_member_task_reject_details, admin_visible_profile, article-list-template, community_notifications, contact_admin_translation, event_fixes, fix_comments_pagination, fix_rails4_organization_ratings, fix_sign_up_form, follow_step_fix, forum_topic_creation, mirror_block_improvements, multi_env_on_remote_user, new_security, noosfero_spb_ci, organization_ratings_improvements, organization_ratings_link_to_profile_stable-spb-1.3, organization_ratings_translations_fix, profile_api_improvements, ratings_minor_fixes, remote_user_fix, send_email_to_admins, stable-spb-1.3, stable-spb-1.3-fixes, stable-spb-1.4, stable-spb-1.5, suggest_rejected_value, web_steps_improvements, xss_terminate_custom_options

Refuse unexisting theme via GET parameter

Showing 1 changed file with 1 additions and 1 deletions   Show diff stats
app/helpers/application_helper.rb
  Diff comments   View file @58e9c36
... ... @@ -340,7 +340,7 @@ module ApplicationHelper
340 340 if ENV['RAILS_ENV'] == 'development' && environment.theme == 'random'
341 341 @random_theme ||= Dir.glob('public/designs/themes/*').map { |f| File.basename(f) }.rand
342 342 @random_theme
343   - elsif ENV['RAILS_ENV'] == 'development' && params[:theme]
  343 + elsif ENV['RAILS_ENV'] == 'development' && params[:theme] && File.exists?(File.join(Rails.root, 'public/designs/themes', params[:theme]))
344 344 params[:theme]
345 345 else
346 346 if profile && !profile.theme.nil?
... ...