usable_token = find_usable_token(tokens) do
coll = Collection.find(params[:uuid])
end
+
+ file_name = params[:file].andand.sub(/^(\.\/|\/|)/, './')
if usable_token.nil?
return # Response already rendered.
- elsif params[:file].nil? or not coll.manifest.has_file?(params[:file])
+ elsif file_name.nil? or not coll.manifest.has_file?(file_name)
return render_not_found
end
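Review bot: On the added `file_name = ...` line, `andand` guards only against nil, so a non-String `file` parameter would reach `.sub` and raise NoMethodError instead of falling through to `render_not_found`. If this is a Rails controller, as the helpers suggest, a query such as `file[]=x` is parsed into an Array, so this path is reachable from a request. A type guard keeps malformed input on the not-found branch: `file_name = params[:file].sub(/\A(\.\/|\/|)/, './') if params[:file].is_a?(String)`, where `\A` states the start-of-string intent more precisely than `^`. The method continues outside the hunk; it is worth confirming that later code reads `file_name` rather than `params[:file]`, so the name checked against the manifest is the name that is served.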
return super if !@object
if current_user
if Keep::Locator.parse params["uuid"]
- @same_pdh = Collection.filter([["portable_data_hash", "=", @object.portable_data_hash]])
+ @same_pdh = Collection.filter([["portable_data_hash", "=", @object.portable_data_hash]]).limit(1000)
if @same_pdh.results.size == 1
redirect_to collection_path(@same_pdh[0]["uuid"])
return