Fix vulnerable.

app/controllers/personal_techniques_controller.rb

@@ -154,7 +154,7 @@ class PersonalTechniquesController < ApplicationController
 			techniques = techniques.where(:id.in=>tmp_techniques.map{|p| p.id})
 		elsif select_field.split(".").count > 1
 			relate_name = select_field.split(".").first
-			field_name = select_field.split(".").last
+			field_name = select_field.split(".").last.gsub(/^\$+/, '')
 			relate = relate_name.classify.constantize
 			relate_ids = relate.where(field_name=>/#{gsub_invalid_character(keywords)}/).pluck(:id)	
 			techniques = techniques.where("#{relate_name.singularize}_id"=>{'$in'=>relate_ids})