From 97884844bf588fe4eb2214399850057057433e6c Mon Sep 17 00:00:00 2001
From: bohung
Date: Tue, 1 Nov 2022 21:08:45 +0800
Subject: [PATCH] Fix vulnerable.

---
 .../admin/personal_plugin_fields_controller.rb | 11 ++++++-----
 .../personal_plugin_templates_controller.rb | 2 +-
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/app/controllers/admin/personal_plugin_fields_controller.rb b/app/controllers/admin/personal_plugin_fields_controller.rb
index 71f08be..685e74c 100644
--- a/app/controllers/admin/personal_plugin_fields_controller.rb
+++ b/app/controllers/admin/personal_plugin_fields_controller.rb
@@ -8,7 +8,7 @@ class Admin::PersonalPluginFieldsController < OrbitMemberController
 end
 def new
- @member = MemberProfile.find_by(:uid=>params['uid']) rescue nil
+ @member = MemberProfile.find_by(:uid=>params['uid'].to_s) rescue nil
 @personal_plugin_field = PersonalPluginField.new
 end
 def download
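Review bot: `params['uid'].to_s` in `new` coerces a non-string parameter before it reaches `find_by`, but the identical expression is repeated in `copy` (second hunk), and any other action in this controller that reads `params['uid']` outside these hunks would still pass the raw value through. A private helper keeps the coercion in one place so it cannot be forgotten again, e.g. `def find_member = MemberProfile.find_by(uid: params['uid'].to_s)` (or a three-line `def` if endless methods are not used in this codebase). The modifier `rescue nil` also hides every StandardError raised by the lookup, not just a not-found result; rescuing only the not-found error class the ORM raises would let real failures surface in logs. The hunk declares seven old lines but shows six, so one context line (likely blank) was lost in transit.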
@@ -16,19 +16,20 @@ class Admin::PersonalPluginFieldsController < OrbitMemberController
 FileUtils.mkdir_p(zip_path) if !Dir.exist?(zip_path)
 personal_plugin_field = PersonalPluginField.find(params[:personal_plugin_field_id]) rescue nil
 if personal_plugin_field
- zip_file_path = zip_path + "#{personal_plugin_field.module_name.split('/').last}.zip"
- zip_file= ZipFileGenerator.new(zip_path + personal_plugin_field.module_name ,zip_file_path)
+ module_name = File.basename(personal_plugin_field.module_name)
+ zip_file_path = zip_path + "#{module_name}.zip"
+ zip_file= ZipFileGenerator.new(zip_path + module_name ,zip_file_path)
 begin
 zip_file.write
 rescue
- File.delete(zip_path + "#{personal_plugin_field.module_name}.zip")
+ File.delete(zip_path + "#{module_name}.zip")
 zip_file.write
 end
 send_file(zip_file_path)
 end
 end
 def copy
- @member = MemberProfile.find_by(:uid=>params['uid']) rescue nil
+ @member = MemberProfile.find_by(:uid=>params['uid'].to_s) rescue nil
 attributes = PersonalPluginField.find(params[:personal_plugin_field_id]).attributes rescue {}
 attributes = attributes.except("_id")
 copy_attributes = {}
diff --git a/template_generator/app/controllers/personal_plugin_templates_controller.rb b/template_generator/app/controllers/personal_plugin_templates_controller.rb
index 781a5e9..0e97864 100644
--- a/template_generator/app/controllers/personal_plugin_templates_controller.rb
+++ b/template_generator/app/controllers/personal_plugin_templates_controller.rb
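Review bot: `File.basename` returns `.` and `..` unchanged (and `""` for an empty name), so a stored `module_name` of either value still makes `zip_path + module_name` point at the zip directory itself or its parent; validate before building paths, e.g. `raise ArgumentError, "invalid module name" if module_name.empty? || module_name.start_with?(".")`. `File.delete(zip_path + "#{module_name}.zip")` in the rescue branch rebuilds the string already held in `zip_file_path` two lines above — the pre-patch code deleted a different path than it created for exactly this reason — so `File.delete(zip_file_path)` removes the chance of drift. The bare `rescue` around `zip_file.write` retries after any StandardError rather than only when the archive already exists, and a failure on the retry propagates with the first error already discarded; rescuing the specific error class and letting the rest raise would be clearer. `download` begins in the first hunk and `zip_path` is assigned outside this one.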
@@ -119,7 +119,7 @@ class PersonalPluginTemplatesController < ApplicationController
 plugin_templates = plugin_templates.where(:id.in=>tmp_plugin_templates.map{|p| p.id})
 elsif select_field.split(".").count > 1
 relate_name = select_field.split(".").first
- field_name = select_field.split(".").last
+ field_name = select_field.split(".").last.gsub(/^\$+/, '')
 relate = relate_name.classify.constantize
 relate_ids = relate.where(field_name=>/#{gsub_invalid_character(keywords)}/).pluck(:id)
 plugin_templates = plugin_templates.where("#{relate_name.singularize}_id"=>{'$in'=>relate_ids})
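Review bot: `gsub(/^\$+/, '')` anchors with `^`, which in Ruby matches after every newline rather than only at the start of the string, so a field name containing a line break can keep a `$` prefix past the strip; anchor to the string start instead, `field_name = select_field.split(".").last.sub(/\A\$+/, '')`. Stripping the operator prefix still leaves `field_name` as whatever attribute of the related model the caller names, and `relate_name.classify.constantize` on the next line resolves any class name that arrives in `select_field`; if `select_field` is request-supplied (its origin is outside the hunk), an allowlist of permitted `relation.field` pairs checked before this branch is the stronger control. A name that is empty after stripping is also passed to `where` unchanged; rejecting `field_name.empty?` avoids an ill-formed query. The enclosing method starts and ends outside the hunk.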