Fix vulnerable.

This commit is contained in:
BoHung Chiu 2022-11-01 21:08:20 +08:00
parent e7eb1b0695
commit a827a607a4
1 changed files with 1 additions and 1 deletions

View File

@ -155,7 +155,7 @@ class PersonalOtherPapersController < ApplicationController
other_papers = other_papers.where(:id.in=>tmp_other_papers.map{|p| p.id}) other_papers = other_papers.where(:id.in=>tmp_other_papers.map{|p| p.id})
elsif select_field.split(".").count > 1 elsif select_field.split(".").count > 1
relate_name = select_field.split(".").first relate_name = select_field.split(".").first
field_name = select_field.split(".").last field_name = select_field.split(".").last.gsub(/^\$+/, '')
relate = relate_name.classify.constantize relate = relate_name.classify.constantize
relate_ids = relate.where(field_name=>/#{gsub_invalid_character(keywords)}/).pluck(:id) relate_ids = relate.where(field_name=>/#{gsub_invalid_character(keywords)}/).pluck(:id)
other_papers = other_papers.where("#{relate_name.singularize}_id"=>{'$in'=>relate_ids}) other_papers = other_papers.where("#{relate_name.singularize}_id"=>{'$in'=>relate_ids})