Contents

module RailsConnector
  class PdfExternalController < ApplicationController # :nodoc: all
    skip_before_filter :verify_authenticity_token
    before_filter :validate_inputs

    def index
      send_file(
        FopOnRails.generate_pdf(
          params[:xml_url],
          params[:xsl_url],
          params[:tidy]
        ),
        :filename => "#{params[:filename] || 'output'}.pdf",
        :type => 'application/pdf'
      )
    end

    private

    def validate_inputs
      validate_input('xml', params['xml_url'])
      validate_input('xsl', params['xsl_url'])
      validate_hosts
    end

    def validate_input(type, url)
      unless url and valid_url?(url)
        raise "Invalid #{type} input URL: #{url || 'empty'}"
      end
    end

    def valid_url?(url)
      begin
        URI.parse(url)
      rescue URI::InvalidURIError
        return false
      end
      true
    end

    def validate_hosts
      xml_host, xsl_host = URI.parse(params['xml_url']).host, URI.parse(params['xsl_url']).host
      bad_host = [xml_host, xsl_host].detect do |host|
        !Configuration::PdfGenerator.host_allowed?(host)
      end
      if bad_host
        render(
          :status => 403,
          :text => I18n.t(:"rails_connector.controllers.pdf_external.host_not_allowed", :host => bad_host)
        )
      end
    end
  end
end

Version data entries

21 entries across 21 versions & 1 rubygems

Version	Path
infopark_rails_connector-6.8.0.beta.200.621.4c8e1b0	app/controllers/rails_connector/pdf_external_controller.rb