Fix vulnerable.
BoHung Chiu 2022-10-22 18:43:36 +08:00
parent 1100e57961
commit 8ee0655923
10 changed files with 84 additions and 87 deletions


@ -436,16 +436,18 @@ class Admin::SeminarsController < OrbitAdminController
end end
end end
seminar_main_params = seminar_params seminar_main_params = seminar_params
seminar_signup_set_params = seminar_main_params['seminar_signup_field_sets'] if seminar.copy_id
seminar_submission_set_params = seminar_main_params['seminar_submission_field_sets'] seminar_signup_set_params = seminar_main_params['seminar_signup_field_sets_attributes']
seminar_email_sets_params = seminar_main_params['seminar_email_sets'] seminar_submission_set_params = seminar_main_params['seminar_submission_field_sets_attributes']
seminar_signup_field_customs_params = seminar_main_params["seminar_signup_field_customs"].to_h rescue {} seminar_email_sets_params = seminar_main_params['seminar_email_sets_attributes']
seminar_main_params["seminar_signup_field_customs"].to_h.each do |k,v| seminar_signup_field_customs_params = seminar_main_params["seminar_signup_field_customs_attributes"].to_h rescue {}
v.delete "title" seminar_signup_field_customs_params.each do |k,v|
v.delete "title"
end
seminar_main_params.delete(:seminar_signup_field_sets_attributes)
seminar_main_params.delete(:seminar_submission_field_sets_attributes)
seminar_main_params.delete(:seminar_email_sets_attributes)
end end
seminar_main_params.delete(:seminar_signup_field_sets)
seminar_main_params.delete(:seminar_submission_field_sets)
seminar_main_params.delete(:seminar_email_sets)
seminar = SeminarMain.new(seminar_main_params) seminar = SeminarMain.new(seminar_main_params)
seminar.create_user_id = current_user.id seminar.create_user_id = current_user.id
seminar.update_user_id = current_user.id seminar.update_user_id = current_user.id
@ -466,16 +468,6 @@ class Admin::SeminarsController < OrbitAdminController
seminar_signup_field_customs_params.each_with_index do |(key,value),i| seminar_signup_field_customs_params.each_with_index do |(key,value),i|
seminar.seminar_signup_field_customs[i].update(:seminar_signup_field_id => seminar.seminar_signup_fields.where(:title=>value["title"]).first.id) rescue nil seminar.seminar_signup_field_customs[i].update(:seminar_signup_field_id => seminar.seminar_signup_fields.where(:title=>value["title"]).first.id) rescue nil
end end
else
seminar_signup_set_params.each do |key,value|
seminar.seminar_signup_field_sets.create(value)
end
seminar_submission_set_params.each do |key,value|
seminar.seminar_submission_field_sets.create(value)
end
seminar_email_sets_params.each do |key,value|
seminar.seminar_email_sets.create(value)
end
end end
redirect_to params['referer_url'] redirect_to params['referer_url']
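Review bot: The new guard `if seminar.copy_id` near the top of this hunk reads `seminar` before the only assignment visible here, `seminar = SeminarMain.new(seminar_main_params)`, a few lines further down. Unless `seminar` is set earlier in the action (the method starts outside the hunk), the guard either raises or is never true, and `seminar_signup_field_customs_params`, which is now assigned only inside that branch, would be nil at the later `each_with_index`. Testing the submitted value instead, e.g. `if seminar_main_params['copy_id'].present?` (assuming `copy_id` is among the permitted params), avoids depending on an object that does not exist yet. With the `else` branch removed, the nested `*_attributes` hashes now reach `SeminarMain.new` directly, so the permit list in `seminar_params` (not shown) is the only thing limiting which nested fields can be set. That deserves a comment next to this code.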


@ -446,7 +446,7 @@ class SeminarsController < ApplicationController
status_param = '' status_param = ''
send_mail('signup',params[:seminar_signup][:email],params[:seminar_signup][:seminar_main_id],extra_text) send_mail('signup',params[:seminar_signup][:email],params[:seminar_signup][:seminar_main_id],extra_text)
end end
redirect_to "#{params[:referer_url]}/?method=signup_ok#{status_param}&serial_number=#{@seminar_signup.display_serial_number}" redirect_to "#{params[:referer_url].to_s.chomp('/')}/?method=signup_ok#{status_param}&serial_number=#{@seminar_signup.display_serial_number}"
else else
if !@signup.blank? if !@signup.blank?
redirect_to "#{params[:referer_url]}", :notice => 'mail已存在' redirect_to "#{params[:referer_url]}", :notice => 'mail已存在'
@ -532,7 +532,7 @@ class SeminarsController < ApplicationController
end end
@seminar.unassigned_seminar_signup_ids = unassigned_seminar_signup_ids @seminar.unassigned_seminar_signup_ids = unassigned_seminar_signup_ids
@seminar.save @seminar.save
redirect_to "#{params[:referer_url]}/?method=con_upload" redirect_to "#{params[:referer_url].to_s.chomp('/')}/?method=con_upload"
else else
redirect_to "#{params[:referer_url]}", :notice => t('recaptcha.errors.verification_failed') redirect_to "#{params[:referer_url]}", :notice => t('recaptcha.errors.verification_failed')
end end
@ -582,7 +582,7 @@ class SeminarsController < ApplicationController
end end
@seminar.unassigned_seminar_signup_ids = unassigned_seminar_signup_ids @seminar.unassigned_seminar_signup_ids = unassigned_seminar_signup_ids
@seminar.save @seminar.save
redirect_to "#{params[:referer_url]}/?method=con_upload" redirect_to "#{params[:referer_url].to_s.chomp('/')}/?method=con_upload"
else else
redirect_to "#{params[:referer_url]}", :notice => t('recaptcha.errors.verification_failed') redirect_to "#{params[:referer_url]}", :notice => t('recaptcha.errors.verification_failed')
end end
@ -607,7 +607,7 @@ class SeminarsController < ApplicationController
end end
@seminar.unassigned_seminar_signup_ids = unassigned_seminar_signup_ids @seminar.unassigned_seminar_signup_ids = unassigned_seminar_signup_ids
@seminar.save @seminar.save
redirect_to "#{params[:referer_url]}/?method=con_upload" redirect_to "#{params[:referer_url].to_s.chomp('/')}/?method=con_upload"
end end
@ -711,9 +711,9 @@ class SeminarsController < ApplicationController
session[:seminar_signup_id] = @seminar_signup.id session[:seminar_signup_id] = @seminar_signup.id
session[:seminar_main_id] = @seminar_signup.seminar_main_id session[:seminar_main_id] = @seminar_signup.seminar_main_id
redirect_to "#{params[:referer_url]}/?method=con_upload" redirect_to "#{params[:referer_url].to_s.chomp('/')}/?method=con_upload"
else else
redirect_to "#{params[:referer_url]}/?method=con_login", :notice => '登入失敗' redirect_to "#{params[:referer_url].to_s.chomp('/')}/?method=con_login", :notice => '登入失敗'
end end
end end
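Review bot: Every redirect touched in this file still sends the browser to whatever `params[:referer_url]` contains. The added `.to_s.chomp('/')` only guards against nil and a doubled slash, so a form post carrying an external URL is still redirected off-site (open redirect). The untouched `redirect_to "#{params[:referer_url]}", :notice => ...` lines in these hunks and `redirect_to params['referer_url']` in Admin::SeminarsController have the same property. Reducing the value to a local path in one private helper, and using that helper at every call site, would close this. The enclosing actions start and end outside the hunks, so the helper below is a sketch to be placed in the controller's private section.

```ruby
# Reduce the client-supplied referer to a path on this host ('' for the site root),
# so the redirect target can never name another host or scheme.
def local_referer_path
  path = URI.parse(params[:referer_url].to_s).path.to_s.gsub(%r{\A/+|/+\z}, '')
  path.empty? ? '' : "/#{path}"
rescue URI::InvalidURIError
  ''
end

# … unchanged: signup / upload / login handling …
redirect_to "#{local_referer_path}/?method=con_upload"
```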


@ -8,6 +8,7 @@ class SeminarMain
include OrbitCategory::Categorizable include OrbitCategory::Categorizable
include Slug include Slug
ChoiceTypes = ["checkbox","radio","select"] ChoiceTypes = ["checkbox","radio","select"]
ExceptFieldSetDisplays = ["password", "recaptcha"]
field :annc_count, :type => Integer, :default => 0 field :annc_count, :type => Integer, :default => 0
field :album_count, :type => Integer, :default => 0 field :album_count, :type => Integer, :default => 0
field :copy_id field :copy_id


@ -3,7 +3,7 @@ class SeminarSignup
include Mongoid::Document include Mongoid::Document
include Mongoid::Timestamps include Mongoid::Timestamps
HiddenFields = ['seminar_signup_id','_id', 'created_at', 'updated_at','seminar_main_id',"serial_number","final_session","final_sessions","preferred_sessions",'seminar_session_id',"seminar_session_ids","preferred_session","sort_number","abstract_number","presentation_type"] HiddenFields = ['seminar_signup_id','_id', 'created_at', 'updated_at','seminar_main_id',"serial_number","final_session","final_sessions","preferred_sessions",'seminar_session_id',"seminar_session_ids","preferred_session","sort_number","abstract_number","presentation_type", "filename"]
DefaultEnableFields = ['status','name','tel','phone','email','password','recaptcha'] DefaultEnableFields = ['status','name','tel','phone','email','password','recaptcha']
field :sort_number , type: Integer, default: 10000 field :sort_number , type: Integer, default: 10000


@ -42,7 +42,7 @@
<% val = t("seminar.registration_status_#{seminar_signup.status}") if !seminar_signup.status.blank? %> <% val = t("seminar.registration_status_#{seminar_signup.status}") if !seminar_signup.status.blank? %>
<% end %> <% end %>
<% elsif names[0] == "seminar_signup_field_custom" || names[0] == "seminar_signup_fields" %> <% elsif names[0] == "seminar_signup_field_custom" || names[0] == "seminar_signup_fields" %>
<% val = seminar_signup.seminar_signup_values.where(:key=>names[1]).first.get_value_by_locale(I18n.locale) rescue "" %> <% val = html_escape(seminar_signup.seminar_signup_values.where(:key=>names[1]).first.get_value_by_locale(I18n.locale)).gsub(/(\r\n|\n)/,"<br>") rescue "" %>
<% elsif names[0] == "seminar_signup_contributes" %> <% elsif names[0] == "seminar_signup_contributes" %>
<% if names[1] == "file" %> <% if names[1] == "file" %>
<% seminar_signup_contribute = @seminar_signup_contribute %> <% seminar_signup_contribute = @seminar_signup_contribute %>
@ -69,7 +69,7 @@
<% else %> <% else %>
<% file_content = File.read(file_path) rescue "" %> <% file_content = File.read(file_path) rescue "" %>
<% if file_content.is_utf8? %> <% if file_content.is_utf8? %>
<% file_content = file_content.gsub(/(\r\n|\n)/,"<br>")%> <% file_content = html_escape(file_content).gsub(/(\r\n|\n)/,"<br>") %>
<% val = "<div class=\"text_wrap\"><a class=\"pull-right\" href=\"#{file_url}\" title=\"#{t(:download)}\" download=\"#{filename}\">#{t(:download)}</a><div style=\"clear: both;\"></div><h4>#{file_title}</h4>#{file_content}</div>"%> <% val = "<div class=\"text_wrap\"><a class=\"pull-right\" href=\"#{file_url}\" title=\"#{t(:download)}\" download=\"#{filename}\">#{t(:download)}</a><div style=\"clear: both;\"></div><h4>#{file_title}</h4>#{file_content}</div>"%>
<% else %> <% else %>
<% val = link_to( file_title, file_url , {:target => '_blank', :title => Nokogiri::HTML(description.gsub("<br>"," , ")).text, :download=>filename} ) if seminar_signup_contribute.file.file %> <% val = link_to( file_title, file_url , {:target => '_blank', :title => Nokogiri::HTML(description.gsub("<br>"," , ")).text, :download=>filename} ) if seminar_signup_contribute.file.file %>
@ -91,12 +91,13 @@
<% end %> <% end %>
<% end %> <% end %>
<% elsif names[0] == "seminar_submission_fields" %> <% elsif names[0] == "seminar_submission_fields" %>
<% val = @seminar_signup_contribute.seminar_submission_values.where(:key=>names[1]).first.get_value_by_locale(I18n.locale) rescue "" %>
<% seminar_submission_field = seminar_signup.seminar_main.seminar_submission_fields.where(:key=>names[1]).first %> <% seminar_submission_field = seminar_signup.seminar_main.seminar_submission_fields.where(:key=>names[1]).first %>
<% if seminar_submission_field && seminar_submission_field.markup == "seminar_preferred_session" <% if seminar_submission_field && seminar_submission_field.markup == "seminar_preferred_session"
seminar_submission_value = @seminar_signup_contribute.seminar_submission_values.where(:key=>names[1]).first seminar_submission_value = @seminar_signup_contribute.seminar_submission_values.where(:key=>names[1]).first
val = "<span data-id=\"#{seminar_submission_value.id rescue ''}\">#{(seminar_submission_value.get_value_by_locale(I18n.locale) rescue "")}</span>" val = "<span data-id=\"#{seminar_submission_value.id rescue ''}\">#{(html_escape(seminar_submission_value.get_value_by_locale(I18n.locale)).gsub(/(\r\n|\n)/,"<br>") rescue "")}</span>"
end %> else
val = html_escape(@seminar_signup_contribute.seminar_submission_values.where(:key=>names[1]).first.get_value_by_locale(I18n.locale)).gsub(/(\r\n|\n)/,"<br>") rescue ""
end %>
<% elsif names[0] == "seminar_signup" %> <% elsif names[0] == "seminar_signup" %>
<% val = (seminar_signup.send("display_"+names[1]) rescue seminar_signup.send(names[1])) rescue nil %> <% val = (seminar_signup.send("display_"+names[1]) rescue seminar_signup.send(names[1])) rescue nil %>
<% elsif names[0] == "seminar_review_result" %> <% elsif names[0] == "seminar_review_result" %>
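Review bot: In the text-file branch the commit now escapes `file_content`, but the same string still interpolates `filename` and `file_title` raw into the `download` attribute and the `<h4>`. If either is derived from the uploaded file's name or a submitter-entered title (their assignment is outside the hunk), markup in them reaches the page unescaped. `download=\"#{html_escape(filename)}\"` and `<h4>#{html_escape(file_title)}</h4>` would treat them the same way as the content. Separately, the trailing `rescue ""` on the new `html_escape(...)` lines turns any lookup error into an empty cell, which is worth a short comment if it is deliberate.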


@ -163,14 +163,6 @@
<%= f.email_field :email, :class=>"input-block-level", :placeholder=> t(:email), :required => true %> <a href="#" onclick="window.open(' <%= OrbitHelper.url_to_show(@seminar.to_param) %>?method=check_email&no=<%=@seminar.id%>&layout=false&email='+ $('input[type=email]').val() , 'check mail', config='height=100,width=300');" class="btn btn-primary">check mail</a> <%= f.email_field :email, :class=>"input-block-level", :placeholder=> t(:email), :required => true %> <a href="#" onclick="window.open(' <%= OrbitHelper.url_to_show(@seminar.to_param) %>?method=check_email&no=<%=@seminar.id%>&layout=false&email='+ $('input[type=email]').val() , 'check mail', config='height=100,width=300');" class="btn btn-primary">check mail</a>
</div> </div>
</div> </div>
<div class="control-group <%= @seminar.registration_status[0] == 'C' ? '' : 'hide' %>" id="registration_status">
<label for="password" class="control-label muted">*<%= t('seminar_signup.password') %></label>
<div class="controls">
<%= f.text_field :password, :class=>"input-block-level", :placeholder=> t('seminar_signup.password') %>
<%= t('seminar_signup.password_message') %>
</div>
</div>
<% end %> <% end %>
<% @form_index = 0 %> <% @form_index = 0 %>


@ -185,20 +185,20 @@
<%= t("seminar_signup.#{attr_signup.field_name}") %> <%= t("seminar_signup.#{attr_signup.field_name}") %>
</td> </td>
<td> <td>
<%= show_set_field(attr_signup,'seminar_signup_field_sets',signup_index,'name') %> <%= show_set_field(attr_signup,'seminar_signup_field_sets_attributes',signup_index,'name') %>
</td> </td>
<td> <td>
<%= show_set_field(attr_signup,'seminar_signup_field_sets',signup_index,'placeholder') %> <%= show_set_field(attr_signup,'seminar_signup_field_sets_attributes',signup_index,'placeholder') %>
</td> </td>
<td> <td>
<input type="hidden" class="field_name" name='<%= "seminar_main[seminar_signup_field_sets][#{signup_index}][field_name]" %>' value="<%= attr_signup.field_name %>"> <input type="hidden" class="field_name" name='<%= "seminar_main[seminar_signup_field_sets_attributes][#{signup_index}][field_name]" %>' value="<%= attr_signup.field_name %>">
<input type="hidden" class="field_set" name='<%= "seminar_main[seminar_signup_field_sets][#{signup_index}][disabled]" %>' value="false"> <input type="hidden" class="field_set" name='<%= "seminar_main[seminar_signup_field_sets_attributes][#{signup_index}][disabled]" %>' value="false">
<%= check_box_tag("seminar_main[seminar_signup_field_sets][#{signup_index}][disabled]", true ,attr_signup.disabled) %> <%= check_box_tag("seminar_main[seminar_signup_field_sets_attributes][#{signup_index}][disabled]", true ,attr_signup.disabled) %>
</td> </td>
<td> <td>
<% if attr_signup.field_name != 'recaptcha' %> <% if attr_signup.field_name != 'recaptcha' %>
<input type="hidden" class="field_set" name='<%= "seminar_main[seminar_signup_field_sets][#{signup_index}][hidden]" %>' value="false"> <input type="hidden" class="field_set" name='<%= "seminar_main[seminar_signup_field_sets_attributes][#{signup_index}][hidden]" %>' value="false">
<%= check_box_tag("seminar_main[seminar_signup_field_sets][#{signup_index}][hidden]", true ,attr_signup.hidden) %> <%= check_box_tag("seminar_main[seminar_signup_field_sets_attributes][#{signup_index}][hidden]", true ,attr_signup.hidden) %>
<% end %> <% end %>
</td> </td>
</tr> </tr>
@ -224,19 +224,19 @@
<%= t("seminar_signup.#{attr_signup.field_name}") %> <%= t("seminar_signup.#{attr_signup.field_name}") %>
</td> </td>
<td> <td>
<%= show_set_field(attr_signup,'seminar_submission_field_sets',submission_index,'name') %> <%= show_set_field(attr_signup,'seminar_submission_field_sets_attributes',submission_index,'name') %>
</td> </td>
<td> <td>
<%= show_set_field(attr_signup,'seminar_submission_field_sets',submission_index,'placeholder') %> <%= show_set_field(attr_signup,'seminar_submission_field_sets_attributes',submission_index,'placeholder') %>
</td> </td>
<td> <td>
<input type="hidden" class="field_name" name='<%= "seminar_main[seminar_submission_field_sets][#{submission_index}][field_name]" %>' value="<%= attr_signup.field_name %>"> <input type="hidden" class="field_name" name='<%= "seminar_main[seminar_submission_field_sets_attributes][#{submission_index}][field_name]" %>' value="<%= attr_signup.field_name %>">
<input type="hidden" class="field_set" name='<%= "seminar_main[seminar_submission_field_sets][#{submission_index}][disabled]" %>' value="false"> <input type="hidden" class="field_set" name='<%= "seminar_main[seminar_submission_field_sets_attributes][#{submission_index}][disabled]" %>' value="false">
<%= check_box_tag("seminar_main[seminar_submission_field_sets][#{submission_index}][disabled]", true ,attr_signup.disabled) %> <%= check_box_tag("seminar_main[seminar_submission_field_sets_attributes][#{submission_index}][disabled]", true ,attr_signup.disabled) %>
</td> </td>
<td> <td>
<input type="hidden" class="field_set" name='<%= "seminar_main[seminar_submission_field_sets][#{submission_index}][hidden]" %>' value="false"> <input type="hidden" class="field_set" name='<%= "seminar_main[seminar_submission_field_sets_attributes][#{submission_index}][hidden]" %>' value="false">
<%= check_box_tag("seminar_main[seminar_submission_field_sets][#{submission_index}][hidden]", true ,attr_signup.hidden) %> <%= check_box_tag("seminar_main[seminar_submission_field_sets_attributes][#{submission_index}][hidden]", true ,attr_signup.hidden) %>
</td> </td>
</tr> </tr>
<% end %> <% end %>
@ -282,13 +282,13 @@
<%= seminar_signup_field.title rescue '' %> <%= seminar_signup_field.title rescue '' %>
</td> </td>
<td> <td>
<input type="hidden" class="field_set" name='<%= "seminar_main[seminar_signup_field_customs][#{custom_index}][hidden]" %>' value="false"> <input type="hidden" class="field_set" name='<%= "seminar_main[seminar_signup_field_customs_attributes][#{custom_index}][hidden]" %>' value="false">
<%= check_box_tag("seminar_main[seminar_signup_field_customs][#{custom_index}][hidden]", true ,attr_custom.hidden) %> <%= check_box_tag("seminar_main[seminar_signup_field_customs_attributes][#{custom_index}][hidden]", true ,attr_custom.hidden) %>
</td> </td>
<% if !attr_custom.new_record? %> <% if !attr_custom.new_record? %>
<input for="field_0" id="seminar_main_seminar_signup_field_customs_<%= custom_index.to_s %>_id" name="seminar_main[seminar_signup_field_customs][<%= custom_index.to_s %>][id]" type="hidden" value="<%= attr_custom.id.to_s %>"> <input for="field_0" id="seminar_main_seminar_signup_field_customs_attributes_<%= custom_index.to_s %>_id" name="seminar_main[seminar_signup_field_customs_attributes][<%= custom_index.to_s %>][id]" type="hidden" value="<%= attr_custom.id.to_s %>">
<% elsif f.object.copy_id.present? %> <% elsif f.object.copy_id.present? %>
<input name="seminar_main[seminar_signup_field_customs][<%= custom_index.to_s %>][title]" type="hidden" value="<%= attr_custom.seminar_signup_field.title.to_s %>"> <input name="seminar_main[seminar_signup_field_customs_attributes][<%= custom_index.to_s %>][title]" type="hidden" value="<%= attr_custom.seminar_signup_field.title.to_s %>">
<% end %> <% end %>
</tr> </tr>
<% end %> <% end %>


@ -11,9 +11,15 @@
<% if @seminar.present? %> <% if @seminar.present? %>
<% if @seminar.seminar_signup_field_sets.count != 0 %> <% if @seminar.seminar_signup_field_sets.count != 0 %>
<% @seminar.seminar_signup_field_sets.each do |field_set| %> <% @seminar.seminar_signup_field_sets.each do |field_set| %>
<% next if field_set.field_name == "password" %> <%
<% default_hidden << "seminar_signup_field_set.#{field_set.field_name}" if (field_set.hidden) %> field_name = field_set.field_name
<% @field_names << "seminar_signup_field_set.#{field_set.field_name}" %> if SeminarMain::ExceptFieldSetDisplays.include?(field_name)
default_hidden << "seminar_signup_field_set.#{field_name}"
next
end
%>
<% default_hidden << "seminar_signup_field_set.#{field_name}" if (field_set.hidden) %>
<% @field_names << "seminar_signup_field_set.#{field_name}" %>
<% @field_name_translations << field_set.name[I18n.locale] %> <% @field_name_translations << field_set.name[I18n.locale] %>
<% end %> <% end %>
<% else %> <% else %>
@ -22,15 +28,11 @@
<% @field_name_translations << t(th) %> <% @field_name_translations << t(th) %>
<% end %> <% end %>
<% end %> <% end %>
<% if false #@seminar.seminar_signup_field_customs.count != 0 %> <% if @seminar.seminar_signup_field_customs.count != 0 %>
<% @seminar.seminar_signup_field_customs.each do |field_set| %> <% @seminar.seminar_signup_field_customs.each do |field_set| %>
<% s = SeminarSignupField.where(id:field_set.seminar_signup_field_id).first %> <% s = SeminarSignupField.where(id:field_set.seminar_signup_field_id).first %>
<% title = s.title rescue '' %>
<% next if title.blank? %>
<% next if s.key.blank? %> <% next if s.key.blank? %>
<% default_hidden << "seminar_signup_field_custom.#{s.key}" if (field_set.hidden) %> <% default_hidden << "seminar_signup_field_custom.#{s.key}" if (field_set.hidden) %>
<% @field_names << "seminar_signup_field_custom.#{s.key}" %>
<% @field_name_translations << (title)%>
<% end %> <% end %>
<% end %> <% end %>
<% @seminar.seminar_signup_fields.each do |s| %> <% @seminar.seminar_signup_fields.each do |s| %>
@ -71,6 +73,8 @@
<% @display_field = @seminar_signup_admin_setting.display_field rescue [] %> <% @display_field = @seminar_signup_admin_setting.display_field rescue [] %>
<% if @display_field.blank? <% if @display_field.blank?
@display_field = @field_names - default_hidden @display_field = @field_names - default_hidden
else
@display_field = @display_field - SeminarMain::ExceptFieldSetDisplays.map{|f| "seminar_signup_field_set.#{f}"}
end %> end %>
<% if @enable_review_result <% if @enable_review_result
@field_names.insert(1,"seminar_review_result.review") @field_names.insert(1,"seminar_review_result.review")
@ -92,9 +96,12 @@
<% seminar_signup_field_sets = SeminarSignupFieldSet.all.uniq{|s| s.field_name} %> <% seminar_signup_field_sets = SeminarSignupFieldSet.all.uniq{|s| s.field_name} %>
<% if seminar_signup_field_sets.count != 0 %> <% if seminar_signup_field_sets.count != 0 %>
<% seminar_signup_field_sets.each do |field_set| %> <% seminar_signup_field_sets.each do |field_set| %>
<% next if field_set.field_name == "password" %> <%
<% default_show << "seminar_signup_field_set.#{field_set.field_name}" if !(field_set.hidden) %> field_name = field_set.field_name
<% @field_names << "seminar_signup_field_set.#{field_set.field_name}" %> next if SeminarMain::ExceptFieldSetDisplays.include?(field_name)
%>
<% default_show << "seminar_signup_field_set.#{field_name}" if !(field_set.hidden) %>
<% @field_names << "seminar_signup_field_set.#{field_name}" %>
<% @field_name_translations << field_set.name[I18n.locale] %> <% @field_name_translations << field_set.name[I18n.locale] %>
<% end %> <% end %>
<% else %> <% else %>
@ -104,13 +111,10 @@
<% end %> <% end %>
<% end %> <% end %>
<% seminar_signup_field_customs = SeminarSignupFieldCustom.all.map{|field_set| SeminarSignupField.where(id: field_set.seminar_signup_field_id).first}.select{|s| !s.nil?}.uniq{|s| s.key } %> <% seminar_signup_field_customs = SeminarSignupFieldCustom.all.map{|field_set| SeminarSignupField.where(id: field_set.seminar_signup_field_id).first}.select{|s| !s.nil?}.uniq{|s| s.key } %>
<% if false #seminar_signup_field_customs.count != 0 %> <% if seminar_signup_field_customs.count != 0 %>
<% seminar_signup_field_customs.each do |s| %> <% seminar_signup_field_customs.each do |s| %>
<% title = s.title rescue '' %>
<% next if title.blank? %>
<% next if s.key.blank? %> <% next if s.key.blank? %>
<% @field_names << "seminar_signup_field_custom.#{s.key}" %> <% default_hidden << "seminar_signup_field_custom.#{s.key}" if (field_set.hidden) %>
<% @field_name_translations << (title)%>
<% end %> <% end %>
<% end %> <% end %>
<% seminar_signup_fields = SeminarSignupField.all.uniq{|s| s.key} %> <% seminar_signup_fields = SeminarSignupField.all.uniq{|s| s.key} %>
@ -141,6 +145,8 @@
<% @display_field = @seminar_signup_admin_setting.display_field %> <% @display_field = @seminar_signup_admin_setting.display_field %>
<% @display_field.delete("seminar_signup_field_set.password") %> <% @display_field.delete("seminar_signup_field_set.password") %>
<% if @display_field.blank? <% if @display_field.blank?
@display_field = default_show @display_field = default_show - default_hidden
else
@display_field = @display_field - SeminarMain::ExceptFieldSetDisplays.map{|f| "seminar_signup_field_set.#{f}"}
end %> end %>
<% end %> <% end %>
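Review bot: In the second custom-fields loop (`seminar_signup_field_customs.each do |s|`), the added line `default_hidden << "seminar_signup_field_custom.#{s.key}" if (field_set.hidden)` refers to `field_set`, which is not the block variable there and, as far as this hunk shows, is not in scope. Re-enabling the loop would therefore raise as soon as a custom field has a key. The list being iterated holds `SeminarSignupField` records, while `hidden` is read from the custom record in the first loop, so this loop probably needs to iterate the `SeminarSignupFieldCustom` records and look up the field per record, as the first loop does. In that first loop, the removed `title = s.title rescue ''` / `next if title.blank?` pair was also what skipped a missing field. `next if s.key.blank?` now fails when `.first` returns nil, and `next if s.nil? || s.key.blank?` would restore the guard.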


@ -81,7 +81,7 @@
<% val = t("seminar.registration_status_#{seminar_signup.status}") if !seminar_signup.status.blank? %> <% val = t("seminar.registration_status_#{seminar_signup.status}") if !seminar_signup.status.blank? %>
<% end %> <% end %>
<% elsif names[0] == "seminar_signup_field_custom" || names[0] == "seminar_signup_fields" %> <% elsif names[0] == "seminar_signup_field_custom" || names[0] == "seminar_signup_fields" %>
<% val = seminar_signup.seminar_signup_values.where(:key=>names[1]).first.get_value_by_locale(I18n.locale) rescue "" %> <% val = html_escape(seminar_signup.seminar_signup_values.where(:key=>names[1]).first.get_value_by_locale(I18n.locale)).gsub(/(\r\n|\n)/,"<br>") rescue "" %>
<% elsif names[0] == "seminar_signup_contributes" %> <% elsif names[0] == "seminar_signup_contributes" %>
<% if names[1] == "file" %> <% if names[1] == "file" %>
<% val = seminar_signup_contributes %> <% val = seminar_signup_contributes %>
@ -103,16 +103,17 @@
<% end %> <% end %>
<% end %> <% end %>
<% elsif names[0] == "seminar_submission_fields" %> <% elsif names[0] == "seminar_submission_fields" %>
<% val = seminar_signup_contributes.collect{|s| (s.seminar_submission_values.where(:key=>names[1]).first.get_value_by_locale(I18n.locale) rescue "")} %>
<% seminar_submission_field = seminar_signup.seminar_main.seminar_submission_fields.where(:key=>names[1]).first %> <% seminar_submission_field = seminar_signup.seminar_main.seminar_submission_fields.where(:key=>names[1]).first %>
<% if seminar_submission_field && seminar_submission_field.markup == "seminar_preferred_session" <% if seminar_submission_field && seminar_submission_field.markup == "seminar_preferred_session"
val = seminar_signup_contributes.collect{|s| val = seminar_signup_contributes.collect{|s|
seminar_submission_value = s.seminar_submission_values.where(:key=>names[1]).first seminar_submission_value = s.seminar_submission_values.where(:key=>names[1]).first
"<span data-id=\"#{seminar_submission_value.id rescue ''}\">#{(seminar_submission_value.get_value_by_locale(I18n.locale) rescue "")}</span>"} "<span data-id=\"#{seminar_submission_value.id rescue ''}\">#{(html_escape(seminar_submission_value.get_value_by_locale(I18n.locale)).gsub(/(\r\n|\n)/,"<br>") rescue "")}</span>"}
edit_urls[i] = [] edit_urls[i] = []
seminar_submission_values = seminar_signup_contributes.collect{|s| s.seminar_submission_values.where(:key=>names[1]).first } seminar_submission_values = seminar_signup_contributes.collect{|s| s.seminar_submission_values.where(:key=>names[1]).first }
edit_urls[i] = seminar_submission_values.map{|seminar_submission_value| edit_admin_seminar_submission_value_path(seminar_submission_value.id) rescue "#"} edit_urls[i] = seminar_submission_values.map{|seminar_submission_value| edit_admin_seminar_submission_value_path(seminar_submission_value.id) rescue nil}
end %> else
val = seminar_signup_contributes.collect{|s| (html_escape(s.seminar_submission_values.where(:key=>names[1]).first.get_value_by_locale(I18n.locale)).gsub(/(\r\n|\n)/,"<br>") rescue "")}
end %>
<% elsif names[0] == "seminar_signup" %> <% elsif names[0] == "seminar_signup" %>
<% val = (seminar_signup.send("display_"+names[1]) rescue seminar_signup.send(names[1])) rescue nil %> <% val = (seminar_signup.send("display_"+names[1]) rescue seminar_signup.send(names[1])) rescue nil %>
<% elsif names[0] == "seminar_review_result" %> <% elsif names[0] == "seminar_review_result" %>
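Review bot: The `seminar_signup` branch at the end of this hunk, `val = (seminar_signup.send("display_"+names[1]) rescue seminar_signup.send(names[1])) rescue nil`, is left unescaped while the custom and submission values around it now go through `html_escape`. Because the escaped values get `<br>` appended afterwards, `val` is presumably emitted without further escaping (the output line is outside the hunk). If so, submitter-entered attributes returned by this branch are still rendered as markup. Escaping string results there, e.g. `val = html_escape(val) if val.is_a?(String) && !val.html_safe?`, would cover it. The same branch in the show template is unchanged as well.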


@ -4,7 +4,11 @@
@seminar = data["seminar"] @seminar = data["seminar"]
@time_now = data["time_now"] @time_now = data["time_now"]
%> %>
<style type="text/css">
.alert-error{
color: red;
}
</style>
<% if (@seminar.contribute_start_date <= @time_now && (@seminar.contribute_end_date.nil? or @seminar.contribute_end_date+1 >= @time_now ) rescue false) %> <% if (@seminar.contribute_start_date <= @time_now && (@seminar.contribute_end_date.nil? or @seminar.contribute_end_date+1 >= @time_now ) rescue false) %>
<section id="main-wrap"> <section id="main-wrap">