Blocked access to theme_controller directly via /theme. (closes #243)

git-svn-id: http://svn.typosphere.org/typo/trunk@474 820eb932-12ee-0310-9ca8-eeb645f39767
publify · Jul 31, 2005 · dfe769d · dfe769d
1 parent 766a75f
commit dfe769d
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 1 deletion.
diff --git a/app/controllers/theme_controller.rb b/app/controllers/theme_controller.rb
@@ -12,7 +12,11 @@ def javascript
   def images
     render_theme_item(:images, params[:filename])
   end
-
+
+  def error
+    render :nothing => true, :status => 404
+  end
+
   private
 
   def render_theme_item(type, file, mime = mime_for(file))

diff --git a/config/routes.rb b/config/routes.rb
@@ -63,6 +63,12 @@
     :controller => 'theme', :action => 'javascript'
   map.connect 'images/theme/:filename',
     :controller => 'theme', :action => 'images'
+
+  # Kill attempts to connect directly to the theme controller.
+  # Ideally we'd disable these by removing the default route (below),
+  # but that breaks too many things for Typo 2.5.
+  map.connect 'theme/*stuff',
+    :controller => 'theme', :action => 'error'
 
   # Allow legacy urls to still work
   map.connect ':controller/:action/:id'