Fix vulnerable.

BoHung Chiu 2022-10-24 16:26:33 +08:00
parent 910a8278d3
commit 162b254f40
6 changed files with 10017 additions and 2662 deletions

File diff suppressed because it is too large Load Diff

File diff suppressed because one or more lines are too long


@ -165,7 +165,7 @@
'</div>')
tp = $('<div class="event-container-one has-dialog"><div class="title_temp"></div><div class="duration_temp"></div><div class="event-content"></div>'+modal_tp+'</div>')
}else{
tp = $('<a class="event-container-one"><div class="title_temp"></div><div class="duration_temp"></div><div class="event-content"></div></a>').attr('href',v.url_linked)
tp = $('<a class="event-container-one"><div class="title_temp"></div><div class="duration_temp"></div><div class="event-content"></div></a>')
}
var sd = formate_datetime(v.start),
ed = formate_datetime(v.end),
@ -189,6 +189,9 @@
event_temp.find('.event-header .duration').html(duration)
}
event_temp.find('.event-containers').append(tp)
if(v.url_linked != ''){
tp.attr('href',v.url_linked)
}
})
if (active_flag){
event_temp.addClass('active')
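Review bot: The `href` written by `tp.attr('href',v.url_linked)` still comes from the event data with no scheme check, so a `javascript:` value would be accepted as the link target if `url_linked` can be set by someone less trusted than the page's viewers (its origin is not visible here). Restricting the guard to the expected forms, for example `if(/^(https?:\/\/|\/)/i.test(v.url_linked)){`, would close that. Because the new block sits after the if/else, it also sets `href` on the `has-dialog` `<div>` variant, which the old code did not; if that is unintended, add `tp.is('a')` to the condition. The enclosing callback starts and ends outside these hunks.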


@ -2,13 +2,13 @@ require "rss"
class EventNewsFeedsController < ApplicationController
include Admin::EventNewsHelper
def feed
uid = params[:uid]
uid = params[:uid].to_s
anns = get_event_news(uid)
render :json => anns.to_json
end
def rssfeed
uid = params[:uid]
uid = params[:uid].to_s
@bf = EventNewsFeed.find_by(:uid => uid) rescue nil
if !@bf.nil?
tags = @bf.tag_ids
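Review bot: Nothing at the two `params[:uid].to_s` lines says why the coercion is there, so a later cleanup could drop it as redundant. A comment such as `# Force a String: a Hash/Array param must never reach the query selector as operators` above each assignment would keep the intent visible; the same applies to the `OrbitHelper.params[:uid].to_s` lines in EventNewsModsController. Separately, the `find_by(...) rescue nil` on the following context line hides every error, so a missing record and a broken query look the same to the caller. `rssfeed` continues outside the hunk.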


@ -475,7 +475,7 @@ class EventNewsModsController < ApplicationController
end
if event_news_cache.count == 0 || is_random
EventNews.remove_expired_status
uid = OrbitHelper.params[:uid] rescue ""
uid = OrbitHelper.params[:uid].to_s rescue ""
event_news_for_locale = EventNews.where(:title.nin => ["",nil], :uid.ne => uid).is_approved_and_show.filter_cats_and_tags(cats,tags)
if @show_today_data_first
sorted_event_news = event_news_for_locale.can_display_and_sorted_according_today
@ -767,7 +767,7 @@ class EventNewsModsController < ApplicationController
def show
params = OrbitHelper.params
uid = params[:uid]
uid = params[:uid].to_s
if OrbitHelper.is_object_from_feed?(uid)
show_feed_event_news(uid)
else


@ -330,7 +330,7 @@ module EventNewsHelper
if @target_action == "index"
filename = overridehtml.nil? ? params[:layout_type] : overridehtml
filename = overridehtml.nil? ? params[:layout_type].to_s.split('/').last : overridehtml
f = File.join(Rails.root, 'app', 'templates', "#{@key}", 'modules', 'event_news_mod', "#{filename}.html.erb")
if !File.exists?f
f = File.join(Rails.root, 'app', 'templates', "#{@key}", 'modules', 'event_news_mod', "index.html.erb")
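Review bot: `params[:layout_type].to_s.split('/').last` strips directory components but passes every other character through to the `File.join` path, and it returns nil for an empty or slash-only value, which only works because the `File.exists?` fallback then selects `index.html.erb`. An allowlist is easier to reason about than stripping: `filename = overridehtml.nil? ? params[:layout_type].to_s[/\A[\w-]+\z/] : overridehtml`, with a non-matching value falling through to the existing default. `overridehtml` reaches the same path unfiltered; its origin is outside the hunk, so it is worth confirming that it never carries request data. The enclosing method starts and ends outside the hunk.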