From a827a607a4183605a9b00b070bbee2cf9b3f713e Mon Sep 17 00:00:00 2001
From: bohung
Date: Tue, 1 Nov 2022 21:08:20 +0800
Subject: [PATCH] Fix vulnerable.

---
 app/controllers/personal_other_papers_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/controllers/personal_other_papers_controller.rb b/app/controllers/personal_other_papers_controller.rb
index 41e13b4..10ba7df 100644
--- a/app/controllers/personal_other_papers_controller.rb
+++ b/app/controllers/personal_other_papers_controller.rb
@@ -155,7 +155,7 @@ class PersonalOtherPapersController < ApplicationController
 other_papers = other_papers.where(:id.in=>tmp_other_papers.map{|p| p.id})
 elsif select_field.split(".").count > 1
 relate_name = select_field.split(".").first
- field_name = select_field.split(".").last
+ field_name = select_field.split(".").last.gsub(/^\$+/, '')
 relate = relate_name.classify.constantize
 relate_ids = relate.where(field_name=>/#{gsub_invalid_character(keywords)}/).pluck(:id)
 other_papers = other_papers.where("#{relate_name.singularize}_id"=>{'$in'=>relate_ids})
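Review bot: Stripping leading `$` from `field_name` is a denylist, and the lines around it still trust the same input: `relate_name.classify.constantize` resolves whatever constant name the first half of `select_field` spells, and `field_name` can still name any attribute of that model as the key of the regex `where`. If `select_field` comes from request parameters (its origin is outside this hunk), resolve both halves against a fixed allowlist instead, for example `relate, fields = SEARCHABLE_RELATIONS.fetch(relate_name)` followed by `raise ArgumentError, 'unsupported field' unless fields.include?(field_name)`, where `SEARCHABLE_RELATIONS` is a new constant you would define, mapping each permitted relation name to its model class and searchable fields. If the strip is kept as well, note that `^` in a Ruby regex anchors at every line start; `\A` is the start-of-string anchor. The enclosing method begins and ends outside the hunk.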