app/controllers/muck/recommendations_controller.rb in muck-raker-0.1.21 vs app/controllers/muck/recommendations_controller.rb in muck-raker-0.1.22

- old
+ new

@@ -5,45 +5,49 @@
 # GET /recommendations
 # GET /recommendations.xml
 def index
 @details = params[:details] == "true"
- @referrer = request.env['HTTP_REFERER']
- @uri = params[:u] || @referrer
+ @uri = params[:u] || request.env['HTTP_REFERER']
+ if !allowed_uri(@uri)
+ render :text => '<!-- permission denied -->'
+ return
+ end
 if params[:educommons]
 @uri = @uri[%r=http://.*?/.*?/[^/]+=] || @uri
 params[:title] = true
 params[:more_link] = true
 end
 Entry.track_time_on_page(session, @uri)
- @document = Entry.recommender_entry(@uri)
-# I18n.locale = @document.language[0..1] if !@document.nil?
+ @entry = Entry.recommender_entry(@uri)
+# I18n.locale = @entry.language[0..1] if !@entry.nil?
 @limit = params[:limit] ? params[:limit].to_i : 5
 @limit = 25 if @limit > 25
 respond_to do |format|
 format.html {
- @languages = Language.find(:all, :order => "name")
 order = params[:order] || "mixed"
- redirect_to "/documents/" + @document.id.to_s + "?limit=" + @limit.to_s + "&order=" + order + "&details=" + @details.to_s if !@document.nil?
- render(:template => '/recommendations/document_not_found.html.erb', :layout => false) if @document.nil?
- @recommendations = @entry.recommendations(@limit, params[:order] || "relevance")
+ redirect_to resource_path(@entry) + "?limit=" + @limit.to_s + "&order=" + order + "&details=" + @details.to_s if !@entry.id.nil?
 }
 format.xml {
- render(:template => '/recommendations/index.xml.builder', :layout => false)
+ render(:template => @entry.id.nil? ? '/recommendations/index_real_time.xml.builder' : '/recommendations/index.xml.builder', :layout => false)
 }
 format.pjs {
- if @document.nil?
- render_text ""
- else
- @host = "http://" + URI.parse(@uri).host
- render(:template => 'recommendations/index.pjs.erb', :layout => false)
- end
+ @host = "http://" + URI.parse(@uri).host
+ render(:template => @entry.id.nil? ? 'recommendations/index_real_time.pjs.erb' : 'recommendations/index.pjs.erb', :layout => false)
 }
- format.rss { render(:template => 'recommendations/index.rss.builder', :layout => false) }
+ format.rss {
+ render(:template => 'recommendations/index.rss.builder', :layout => false)
+ }
 end
+ end
+
+ protected
+
+ def allowed_uri(uri)
+ uri.match(/^(10\.|192\.168|172\.|127\.)/) == nil && uri.include?('localhost') == false
 end
 end
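Review bot: `allowed_uri` at the end of the hunk applies its `^`-anchored private-range prefixes and the `localhost` substring test to the whole URL string rather than to the host, so a full URL, which begins with its scheme, never matches the prefixes, while any public URL that merely contains `localhost` in its path is denied. It is also called with `nil` when neither `params[:u]` nor a Referer header is present, and `nil.match` then raises instead of denying. The check should parse the URI, test only the lower-cased host with `\A` anchoring, and fail closed on a missing or unparsable value, as in the fence below. A literal-host test still does not cover hostnames that resolve to internal addresses, so if `Entry.recommender_entry` fetches the URI server-side (not visible in this hunk), the resolved address needs checking where the fetch happens.

```ruby
  def allowed_uri(uri)
    # fail closed when no URI was supplied or the parameter is not a plain string
    return false unless uri.is_a?(String) && !uri.empty?
    host = URI.parse(uri).host.to_s.downcase
    return false if host.empty? || host == 'localhost'
    # same prefixes as before, now anchored to the start of the host only
    (host =~ /\A(10\.|192\.168|172\.|127\.)/).nil?
  rescue URI::InvalidURIError
    false
  end
```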