From a75c50c6f40290011da80102b9b195caf05a81ca Mon Sep 17 00:00:00 2001
From: bohung
Date: Tue, 1 Nov 2022 21:08:59 +0800
Subject: [PATCH] Fix vulnerable.
---
 app/controllers/personal_techniques_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/controllers/personal_techniques_controller.rb b/app/controllers/personal_techniques_controller.rb
index a1f4658..8984912 100644
--- a/app/controllers/personal_techniques_controller.rb
+++ b/app/controllers/personal_techniques_controller.rb
@@ -154,7 +154,7 @@ class PersonalTechniquesController < ApplicationController
 techniques = techniques.where(:id.in=>tmp_techniques.map{|p| p.id})
 elsif select_field.split(".").count > 1
 relate_name = select_field.split(".").first
- field_name = select_field.split(".").last
+ field_name = select_field.split(".").last.gsub(/^\$+/, '')
 relate = relate_name.classify.constantize
 relate_ids = relate.where(field_name=>/#{gsub_invalid_character(keywords)}/).pluck(:id)
 techniques = techniques.where("#{relate_name.singularize}_id"=>{'$in'=>relate_ids})
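Review bot: Stripping leading `$` from `field_name` is a denylist, so both the model and the field are still chosen by `select_field`: `relate_name.classify.constantize` on the next line resolves whatever class name the value carries, and `relate.where(field_name=>...)` can match against any attribute of that class. If `select_field` comes from request parameters (its source is outside the hunk), check both halves against a fixed allowlist before constantizing, e.g. `allowed = SEARCHABLE_RELATIONS[relate_name]` followed by `raise ActionController::BadRequest unless allowed&.include?(field_name)`, where `SEARCHABLE_RELATIONS` is a new frozen hash mapping each permitted relation name to its searchable fields. The keyword pattern relies on `gsub_invalid_character`, which is not visible here; confirm that it escapes regex metacharacters, or build the pattern with `Regexp.escape(keywords)`. The enclosing method starts and ends outside the hunk.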