Fix vulnerable.

2022-11-01 21:08:20 +08:00 · 2022-11-01 21:08:20 +08:00 · a827a607a4
parent e7eb1b0695
commit a827a607a4
1 changed files with 1 additions and 1 deletions
--- a/app/controllers/personal_other_papers_controller.rb
+++ b/app/controllers/personal_other_papers_controller.rb
@ -155,7 +155,7 @@ class PersonalOtherPapersController < ApplicationController
 			other_papers = other_papers.where(:id.in=>tmp_other_papers.map{|p| p.id})
 		elsif select_field.split(".").count > 1
 			relate_name = select_field.split(".").first
-			field_name = select_field.split(".").last
+			field_name = select_field.split(".").last.gsub(/^\$+/, '')
 			relate = relate_name.classify.constantize
 			relate_ids = relate.where(field_name=>/#{gsub_invalid_character(keywords)}/).pluck(:id)	
 			other_papers = other_papers.where("#{relate_name.singularize}_id"=>{'$in'=>relate_ids})