cafe-grader-web

Commit r291:43d936feb73b public

parent | child
Description:
fixed X-Sendfile restriction on output download
Commit status:
[Not Reviewed]
References:
default
Diff options:
Raw Diff | Patch Diff | Download Diff | Ignore whitespace | Increase context
Comments:
0 Commit comments 0 Inline Comments
Unresolved TODOs:
There are no unresolved TODOs
Side by Side Unified
Expand All Files Collapse All Files Wide Mode Diff
Add another comment
Browse Files

r291:43d936feb73b - - 1 file changed: 9 inserted, 5 deleted

Show file before | Show file after | Raw diff | Download diff | Ignore whitespace Increase context Show commentsHide comments
@@ -134,53 +134,57
134 end
134 end
135 prepare_grading_result(@submission)
135 prepare_grading_result(@submission)
136 end
136 end
137
137
138 def load_output
138 def load_output
139 if !Configuration.show_grading_result or params[:num]==nil
139 if !Configuration.show_grading_result or params[:num]==nil
140 redirect_to :action => 'list' and return
140 redirect_to :action => 'list' and return
141 end
141 end
142 @user = User.find(session[:user_id])
142 @user = User.find(session[:user_id])
143 @submission = Submission.find(params[:id])
143 @submission = Submission.find(params[:id])
144 if @submission.user!=@user
144 if @submission.user!=@user
145 flash[:notice] = 'You are not allowed to view result of other users.'
145 flash[:notice] = 'You are not allowed to view result of other users.'
146 redirect_to :action => 'list' and return
146 redirect_to :action => 'list' and return
147 end
147 end
148 case_num = params[:num].to_i
148 case_num = params[:num].to_i
149 out_filename = output_filename(@user.login,
149 out_filename = output_filename(@user.login,
150 @submission.problem.name,
150 @submission.problem.name,
151 @submission.id,
151 @submission.id,
152 case_num)
152 case_num)
153 if !FileTest.exists?(out_filename)
153 if !FileTest.exists?(out_filename)
154 flash[:notice] = 'Output not found.'
154 flash[:notice] = 'Output not found.'
155 redirect_to :action => 'list' and return
155 redirect_to :action => 'list' and return
156 end
156 end
157
157
158 - response.headers['Content-Type'] = "application/force-download"
158 + if defined?(USE_APACHE_XSENDFILE) and USE_APACHE_XSENDFILE
159 - response.headers['Content-Disposition'] = "attachment; filename=\"output-#{case_num}.txt\""
159 + response.headers['Content-Type'] = "application/force-download"
160 - response.headers["X-Sendfile"] = out_filename
160 + response.headers['Content-Disposition'] = "attachment; filename=\"output-#{case_num}.txt\""
161 - response.headers['Content-length'] = File.size(out_filename)
161 + response.headers["X-Sendfile"] = out_filename
162 - render :nothing => true
162 + response.headers['Content-length'] = File.size(out_filename)
163 + render :nothing => true
164 + else
165 + send_file out_filename, :stream => false, :filename => "output-#{case_num}.txt", :type => "text/plain"
166 + end
163 end
167 end
164
168
165 def error
169 def error
166 @user = User.find(session[:user_id])
170 @user = User.find(session[:user_id])
167 end
171 end
168
172
169 # announcement refreshing and hiding methods
173 # announcement refreshing and hiding methods
170
174
171 def announcements
175 def announcements
172 if params.has_key? 'recent'
176 if params.has_key? 'recent'
173 prepare_announcements(params[:recent])
177 prepare_announcements(params[:recent])
174 else
178 else
175 prepare_announcements
179 prepare_announcements
176 end
180 end
177 render(:partial => 'announcement',
181 render(:partial => 'announcement',
178 :collection => @announcements,
182 :collection => @announcements,
179 :locals => {:announcement_effect => true})
183 :locals => {:announcement_effect => true})
180 end
184 end
181
185
182 protected
186 protected
183
187
184 def prepare_announcements(recent=nil)
188 def prepare_announcements(recent=nil)
185 if Configuration.show_tasks_to?(@user)
189 if Configuration.show_tasks_to?(@user)
186 @announcements = Announcement.find_published(true)
190 @announcements = Announcement.find_published(true)
You need to be logged in to leave comments. Login now