Only render 404 page from /public

8346dde0 · Valery Sizov · fb8f604f · 8346dde0 · 8346dde0 · 8346dde0
15 changed file
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -47,6 +47,7 @@ v 8.1.0 (unreleased)
  - Persist filters when sorting on admin user page (Jerry Lukins)
  - Add spellcheck=false to certain input fields
  - Invalidate stored service password if the endpoint URL is changed
+  - Only render 404 page from /public

 v 8.0.4
  - Fix Message-ID header to be RFC 2111-compliant to prevent e-mails being dropped (Stan Hu)

--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -30,7 +30,7 @@ class ApplicationController < ActionController::Base

  rescue_from ActiveRecord::RecordNotFound do |exception|
    log_exception(exception)
-    render "errors/not_found", layout: "errors", status: 404
+    render_404
  end

  protected
@@ -149,10 +149,6 @@ class ApplicationController < ActionController::Base
    render "errors/access_denied", layout: "errors", status: 404
  end

-  def not_found!
-    render "errors/not_found", layout: "errors", status: 404
-  end
-
  def git_not_found!
    render "errors/git_not_found", layout: "errors", status: 404
  end

--- a/app/controllers/import/bitbucket_controller.rb
+++ b/app/controllers/import/bitbucket_controller.rb
@@ -62,7 +62,7 @@ class Import::BitbucketController < Import::BaseController
  end

  def verify_bitbucket_import_enabled
-    not_found! unless bitbucket_import_enabled?
+    render_404 unless bitbucket_import_enabled?
  end

  def bitbucket_auth

--- a/app/controllers/import/fogbugz_controller.rb
+++ b/app/controllers/import/fogbugz_controller.rb
@@ -99,6 +99,6 @@ class Import::FogbugzController < Import::BaseController
  end

  def verify_fogbugz_import_enabled
-    not_found! unless fogbugz_import_enabled?
+    render_404 unless fogbugz_import_enabled?
  end
 end
--- a/app/controllers/import/github_controller.rb
+++ b/app/controllers/import/github_controller.rb
@@ -47,7 +47,7 @@ class Import::GithubController < Import::BaseController
  end

  def verify_github_import_enabled
-    not_found! unless github_import_enabled?
+    render_404 unless github_import_enabled?
  end

  def github_auth

--- a/app/controllers/import/gitlab_controller.rb
+++ b/app/controllers/import/gitlab_controller.rb
@@ -44,7 +44,7 @@ class Import::GitlabController < Import::BaseController
  end

  def verify_gitlab_import_enabled
-    not_found! unless gitlab_import_enabled?
+    render_404 unless gitlab_import_enabled?
  end

  def gitlab_auth

--- a/app/controllers/import/gitorious_controller.rb
+++ b/app/controllers/import/gitorious_controller.rb
@@ -42,7 +42,7 @@ class Import::GitoriousController < Import::BaseController
  end

  def verify_gitorious_import_enabled
-    not_found! unless gitorious_import_enabled?
+    render_404 unless gitorious_import_enabled?
  end

 end
--- a/app/controllers/import/google_code_controller.rb
+++ b/app/controllers/import/google_code_controller.rb
@@ -106,7 +106,7 @@ class Import::GoogleCodeController < Import::BaseController
  end

  def verify_google_code_import_enabled
-    not_found! unless google_code_import_enabled?
+    render_404 unless google_code_import_enabled?
  end

  def user_map

--- a/app/controllers/projects/avatars_controller.rb
+++ b/app/controllers/projects/avatars_controller.rb
@@ -12,7 +12,7 @@ class Projects::AvatarsController < Projects::ApplicationController
        filename: @blob.name
      )
    else
-      not_found!
+      render_404
    end
  end


--- a/app/controllers/projects/blob_controller.rb
+++ b/app/controllers/projects/blob_controller.rb
@@ -113,14 +113,14 @@ class Projects::BlobController < Projects::ApplicationController
        end
      end

-      return not_found!
+      return render_404
    end
  end

  def commit
    @commit = @repository.commit(@ref)

-    return not_found! unless @commit
+    return render_404 unless @commit
  end

  def assign_blob_vars
@@ -128,7 +128,7 @@ class Projects::BlobController < Projects::ApplicationController
    @ref, @path = extract_ref(@id)

  rescue InvalidPathError
-    not_found!
+    render_404
  end

  def after_edit_path

--- a/app/controllers/projects/raw_controller.rb
+++ b/app/controllers/projects/raw_controller.rb
@@ -20,7 +20,7 @@ class Projects::RawController < Projects::ApplicationController
        disposition: 'inline'
      )
    else
-      not_found!
+      render_404
    end
  end


--- a/app/controllers/projects/tree_controller.rb
+++ b/app/controllers/projects/tree_controller.rb
@@ -10,7 +10,7 @@ class Projects::TreeController < Projects::ApplicationController
  before_action :authorize_push_code!, only: [:create_dir]

  def show
-    return not_found! unless @repository.commit(@ref)
+    return render_404 unless @repository.commit(@ref)

    if tree.entries.empty?
      if @repository.blob_at(@commit.id, @path)
@@ -19,7 +19,7 @@ class Projects::TreeController < Projects::ApplicationController
                                      File.join(@ref, @path))
        ) and return
      elsif @path.present?
-        return not_found!
+        return render_404
      end
    end

@@ -31,7 +31,7 @@ class Projects::TreeController < Projects::ApplicationController
  end

  def create_dir
-    return not_found! unless @commit_params.values.all?
+    return render_404 unless @commit_params.values.all?

    begin
      result = Files::CreateDirService.new(@project, current_user, @commit_params).execute

--- a/app/controllers/projects/uploads_controller.rb
+++ b/app/controllers/projects/uploads_controller.rb
@@ -20,7 +20,7 @@ class Projects::UploadsController < Projects::ApplicationController
  end

  def show
-    return not_found! if uploader.nil? || !uploader.file.exists?
+    return render_404 if uploader.nil? || !uploader.file.exists?

    disposition = uploader.image? ? 'inline' : 'attachment'
    send_file uploader.file.path, disposition: disposition

--- a/app/controllers/uploads_controller.rb
+++ b/app/controllers/uploads_controller.rb
@@ -10,7 +10,7 @@ class UploadsController < ApplicationController
    end

    unless uploader.file && uploader.file.exists?
-      return not_found!
+      return render_404
    end

    disposition = uploader.image? ? 'inline' : 'attachment'
@@ -21,7 +21,7 @@ class UploadsController < ApplicationController

  def find_model
    unless upload_model && upload_mount
-      return not_found!
+      return render_404
    end

    @model = upload_model.find(params[:id])
@@ -44,7 +44,7 @@ class UploadsController < ApplicationController
    return if authorized

    if current_user
-      not_found!
+      render_404
    else
      authenticate_user!
    end

--- a/lib/extracts_path.rb
+++ b/lib/extracts_path.rb
@@ -110,7 +110,7 @@ module ExtractsPath
                                                      @project, @ref, @path)

  rescue RuntimeError, NoMethodError, InvalidPathError
-    not_found!
+    render_404
  end

  def tree