Class: CASServer::Controllers::Themes

Inherits:
R
  • Object
show all
Defined in:
lib/casserver/controllers.rb

Constant Summary collapse

MIME_TYPES = 
{'.css' => 'text/css', '.js' => 'text/javascript', 
'.jpg' => 'image/jpeg'}
PATH = 
$CONF.themes_dir || File.expand_path(File.dirname(__FILE__))+'/../themes'

Instance Method Summary collapse

Instance Method Details

#get(path) ⇒ Object 



434
435
436
437
438
439
440
441
442
443
444
445
 
# File 'lib/casserver/controllers.rb', line 434

def get(path)
  headers['Content-Type'] = MIME_TYPES[path[/\.\w+$/, 0]] || "text/plain"
  unless path.include? ".." # prevent directory traversal attacks
    headers['X-Sendfile'] = "#{PATH}/#{path}"
    data = File.read(headers['X-Sendfile']) 
    headers['Content-Length'] = data.size.to_s # Rack Camping adapter chokes without this
    return data
  else
    status = "403"
    "403 - Invalid path"
  end
end