Fix vulnerable.
This commit is contained in:
parent
779d49f128
commit
1439556e13
@ -3,7 +3,7 @@ class AnnouncementFeedsController < ApplicationController
|
|||
include Admin::AnnouncementsHelper
|
||||
def feed_add_remote
|
||||
if params[:url].present?
|
||||
uid = params[:uid]
|
||||
uid = params[:uid].to_s
|
||||
bulletin_feed = BulletinFeed.where(uid: uid).first
|
||||
if !(bulletin_feed.remote_urls.include?(params[:url]))
|
||||
bulletin_feed.remote_urls << params[:url]
|
||||
|
@ -14,7 +14,7 @@ class AnnouncementFeedsController < ApplicationController
|
|||
end
|
||||
def feed_remove_remote
|
||||
if params[:url].present?
|
||||
uid = params[:uid]
|
||||
uid = params[:uid].to_s
|
||||
bulletin_feed = BulletinFeed.where(uid: uid).first
|
||||
if bulletin_feed.remote_urls.delete(params[:url])
|
||||
bulletin_feed.save
|
||||
|
@ -23,7 +23,7 @@ class AnnouncementFeedsController < ApplicationController
|
|||
render :json => {success: true}
|
||||
end
|
||||
def feed
|
||||
uid = params[:uid]
|
||||
uid = params[:uid].to_s
|
||||
startdt = params[:start].blank? ? nil : params[:start]
|
||||
enddt = params[:end].blank? ? nil : params[:end]
|
||||
dt = params[:date].blank? ? nil : params[:date]
|
||||
|
@ -46,7 +46,7 @@ class AnnouncementFeedsController < ApplicationController
|
|||
end
|
||||
|
||||
def rssfeed
|
||||
uid = params[:uid]
|
||||
uid = params[:uid].to_s
|
||||
@bf = BulletinFeed.find_by(:uid => uid) rescue nil
|
||||
if !@bf.nil?
|
||||
tags = @bf.tag_ids
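Review bot: In the feed_add_remote hunk `params[:url]` is pushed onto `bulletin_feed.remote_urls` with no check on its scheme or host, so any caller-supplied string becomes a stored remote feed URL; since the Bulletin hunk in this same commit opens `Net::HTTP` connections to such URLs server-side, an unvalidated value is an SSRF path to internal hosts. Parse it with `URI.parse` inside a `rescue URI::InvalidURIError`, then reject anything that is not an http(s) URL with a host: `render :json => {success: false} and return unless uri.is_a?(URI::HTTP) && uri.host.present?`, ideally against an allow-list of feed hosts. The `.to_s` cast on uid does close the Mongoid operator-injection hole (`uid[$ne]=` style hashes), but `BulletinFeed.where(uid: uid).first` can still be nil and the following `.remote_urls` call then raises NoMethodError; add `render :json => {success: false} and return if bulletin_feed.nil?` in both feed_add_remote and feed_remove_remote. feed_add_remote's body continues outside the hunk.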
|
||||
|
|
|
@ -543,7 +543,7 @@ class Bulletin
|
|||
http = Net::HTTP.new(new_uri.host, new_uri.port)
|
||||
if location.include?('https')
|
||||
http.use_ssl = true
|
||||
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
|
||||
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
|
||||
end
|
||||
request.instance_variable_set(:@path, new_uri.path)
|
||||
response = self.http_request(http, request)
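Review bot: The TLS switch in this hunk is keyed on `location.include?('https')`, a substring test on the whole redirect Location rather than a scheme check, so `http://evil.example/?next=https` enables use_ssl for a plain-http host while a Location with an uppercase scheme would not; `new_uri` is already parsed, so use `if new_uri.scheme == 'https'`. Turning on VERIFY_PEER is the right fix, but a fresh `Net::HTTP.new` per hop means the redirect target is never compared with the original host or scheme, so a redirect from an https feed to http or to an internal address is followed silently — check `new_uri.host` and `new_uri.scheme` against the original before following. `request.instance_variable_set(:@path, new_uri.path)` also drops any query string on the redirect; `new_uri.request_uri` keeps it. The enclosing method starts and ends outside the hunk.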
|
||||
|
|
|
@ -130,11 +130,13 @@ class Admin::SitesController < OrbitAdminController
|
|||
end
|
||||
|
||||
def system_info
|
||||
@disk_free = `df -h /`.gsub("\n","<br/>").html_safe
|
||||
@nginx_version = %x[/usr/sbin/nginx -v 2>&1].gsub("\n","<br/>").html_safe
|
||||
@mongo_version = `mongod --version`.split("\n")[0].html_safe
|
||||
@linux_version = `lsb_release -d`.split(":")[1].html_safe rescue "Not Applicable"
|
||||
|
||||
@disk_free = `df -h /`.rstrip()
|
||||
@nginx_version = %x[/usr/sbin/nginx -v 2>&1].rstrip()
|
||||
@mongo_version = (Mongoid.default_client.command(buildInfo: 1).first[:version] rescue '')
|
||||
@linux_version = `lsb_release -ds`.rstrip()
|
||||
if @linux_version.blank?
|
||||
@linux_version = "Not Applicable"
|
||||
end
|
||||
|
||||
if !params[:user_logs].nil?
|
||||
@user_page = params[:page].to_i
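Review bot: The new `lsb_release -ds` line drops the `rescue` the old one carried, and a backtick call raises `Errno::ENOENT` when the binary is absent (common on non-Debian hosts and in containers), so `system_info` now errors on exactly the hosts where the "Not Applicable" fallback was meant to apply — the `if @linux_version.blank?` check only covers empty stdout. Catch it explicitly: `@linux_version = begin; %x(lsb_release -ds).rstrip; rescue Errno::ENOENT; ''; end` (or `rescue SystemCallError`), keeping the existing blank-check branch. Dropping `html_safe` is correct since raw shell output was being rendered unescaped, but it only helps if the templates printing `@disk_free`/`@nginx_version` do not re-apply `raw` or `html_safe` themselves; those views should be checked in the same change. Note that `%x[/usr/sbin/nginx -v 2>&1]` goes through a shell because of the redirection, so a missing nginx yields the shell's error text instead of an exception, which is why that line behaves differently from the other two.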
|
||||
|
|
|
@ -60,7 +60,7 @@ module Admin::GmailHelper
|
|||
res_net = Net::HTTP.start(uri.host, uri.port,
|
||||
:use_ssl => uri.scheme == 'https',
|
||||
open_timeout: 60,read_timeout: 60,
|
||||
verify_mode: OpenSSL::SSL::VERIFY_NONE) do |http|
|
||||
verify_mode: OpenSSL::SSL::VERIFY_PEER) do |http|
|
||||
req = Net::HTTP::Post.new(uri)
|
||||
req.content_type='application/x-www-form-urlencoded'
|
||||
req_params.each do |k,v|
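Review bot: With `:use_ssl => uri.scheme == 'https'` the new `VERIFY_PEER` setting only takes effect when `uri` is already https; a `uri` built from an http value (misconfiguration, or a scheme-less string parsed as generic) silently posts `req_params` in clear text with no error. Given this helper presumably talks to a Google endpoint, failing closed is safer: `raise ArgumentError, "endpoint must be https: #{uri}" unless uri.scheme == 'https'` before `Net::HTTP.start`, then `use_ssl: true` unconditionally. VERIFY_PEER is already Net::HTTP's default when use_ssl is true, so the explicit option is harmless and serves mainly to document the intent. The enclosing method starts and ends outside the hunk.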
|
||||
|
|
|
@ -1,5 +1,15 @@
|
|||
module Admin::PlaygroundHelper
|
||||
|
||||
require 'securerandom'
|
||||
def secure_rand_number(max_num)
|
||||
if max_num.is_a?(Range)
|
||||
min_num = max_num.begin.to_i
|
||||
offset = max_num.exclude_end? ? 0 : 1
|
||||
max_num = max_num.end.to_i - min_num + offset
|
||||
min_num + SecureRandom.random_number(max_num)
|
||||
else
|
||||
SecureRandom.random_number(max_num.to_i)
|
||||
end
|
||||
end
|
||||
def make_announcement_fake_data(ma, total_count=5)
|
||||
page = Page.Where(:module => ma.key).first rescue nil
|
||||
if page.nil?
|
||||
|
@ -32,13 +42,13 @@ module Admin::PlaygroundHelper
|
|||
bulletin.remote_image_url = get_fake_image_url(ma.key)
|
||||
bulletin.save
|
||||
fake_ids << bulletin.id
|
||||
(1..rand(1..5)).each do |x|
|
||||
(1..secure_rand_number(1..5)).each do |x|
|
||||
bf = BulletinFile.new(:title_translations => get_random_title, :description_translations => get_random_title)
|
||||
bf.remote_file_url = get_fake_file_url(ma.key)
|
||||
bf.bulletin = bulletin
|
||||
bf.save
|
||||
end
|
||||
(1..rand(1..5)).each do |x|
|
||||
(1..secure_rand_number(1..5)).each do |x|
|
||||
bl = BulletinLink.new(:title_translations => get_random_title, :url => get_fake_link)
|
||||
bl.bulletin = bulletin
|
||||
bl.save
|
||||
|
@ -70,7 +80,7 @@ module Admin::PlaygroundHelper
|
|||
banner.category = cat
|
||||
banner.save
|
||||
fake_ids << banner.id
|
||||
(1..rand(2..4)).each do |x|
|
||||
(1..secure_rand_number(2..4)).each do |x|
|
||||
image = AdImage.new(:title_translations => get_random_title, :context_translations => get_random_title, :out_link => get_fake_link, :deadline => get_fake_date, :sort_number => x, :link_open => AdImage::LINK_OPEN_TYPES.sample)
|
||||
image.remote_file_url = get_fake_image_url(ma.key)
|
||||
image.banner = banner
|
||||
|
@ -116,13 +126,13 @@ module Admin::PlaygroundHelper
|
|||
qa.tags=tag
|
||||
qa.save
|
||||
fake_ids << qa.id
|
||||
(1..rand(1..5)).each do |x|
|
||||
(1..secure_rand_number(1..5)).each do |x|
|
||||
qf = QaFile.new(:title_translations => get_random_title, :description_translations => get_random_title)
|
||||
qf.remote_file_url = get_fake_file_url(ma.key)
|
||||
qf.qa = qa
|
||||
qf.save
|
||||
end
|
||||
(1..rand(1..5)).each do |x|
|
||||
(1..secure_rand_number(1..5)).each do |x|
|
||||
ql = QaLink.new(:title_translations => get_random_title, :url => get_fake_link)
|
||||
ql.qa = qa
|
||||
ql.save
|
||||
|
@ -167,7 +177,7 @@ module Admin::PlaygroundHelper
|
|||
archive.tags=tag
|
||||
archive.save
|
||||
fake_ids << archive.id
|
||||
(1..rand(1..5)).each do |x|
|
||||
(1..secure_rand_number(1..5)).each do |x|
|
||||
afm = ArchiveFileMultiple.new(:file_title_translations => get_random_title, :sort_number => x)
|
||||
afm.remote_file_url = get_fake_file_url(ma.key)
|
||||
afm.archive_file = archive
|
||||
|
@ -213,7 +223,7 @@ module Admin::PlaygroundHelper
|
|||
album.category = cat
|
||||
album.save
|
||||
fake_ids << album.id
|
||||
(1..rand(5..10)).each do |x|
|
||||
(1..secure_rand_number(5..10)).each do |x|
|
||||
image = AlbumImage.new(:title => get_random_title["zh_tw"], :description_translations => get_random_title, :order => x)
|
||||
image.remote_file_url = get_fake_image_url(ma.key)
|
||||
image.album = album
|
||||
|
@ -271,7 +281,7 @@ module Admin::PlaygroundHelper
|
|||
end
|
||||
|
||||
def get_fake_date(no=100)
|
||||
Time.now + rand(1..no).days
|
||||
Time.now + secure_rand_number(1..no).days
|
||||
end
|
||||
|
||||
def get_fake_link
|
||||
|
@ -289,11 +299,11 @@ module Admin::PlaygroundHelper
|
|||
end
|
||||
|
||||
def get_fake_file_url(key)
|
||||
OrbitStore::URL + "/fake_data/#{key}/files/" + rand(1..5).to_s + ".txt"
|
||||
OrbitStore::URL + "/fake_data/#{key}/files/" + secure_rand_number(1..5).to_s + ".txt"
|
||||
end
|
||||
|
||||
def get_fake_image_url(key)
|
||||
OrbitStore::URL + "/fake_data/#{key}/images/" + rand(1..15).to_s + ".jpg"
|
||||
OrbitStore::URL + "/fake_data/#{key}/images/" + secure_rand_number(1..15).to_s + ".jpg"
|
||||
end
|
||||
|
||||
def get_random_status
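Review bot: `secure_rand_number` in the first hunk mishandles empty or reversed ranges: `5..1` yields `max_num = -3` and `1...1` yields 0, and for a non-positive limit `SecureRandom.random_number` falls back to a Float in [0,1), so the helper returns e.g. 5.42 where `rand(5..1)` returned nil. Every call site here passes a literal ascending range so this is latent, but a guard keeps the contract clear: `raise ArgumentError, "empty range #{max_num}" if max_num <= 0` right after the `max_num =` line. Separately, `AdImage::LINK_OPEN_TYPES.sample` in the banner hunk still draws from Kernel's PRNG, so if the goal is to drop `rand` from this helper entirely, `.sample(random: SecureRandom)` finishes the job; if the goal was only to satisfy a scanner, a one-line comment noting this is fake seed data would spare the next reader from asking why CSPRNG strength matters here. `require 'securerandom'` belongs at the top of the file rather than inside the module body.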
|
||||
|
|
|
@ -250,7 +250,7 @@ module Orbit
|
|||
request = ActionDispatch::Request.new(env)
|
||||
request_path = env["REQUEST_PATH"].to_s.sub(/^\/#{I18n.locale}\//, '/')
|
||||
session = env["rack.session"]
|
||||
if Rails.env != "production" && request_path.start_with?('/admin') && (@current_user = (session[:user_id] ? User.find(session[:user_id]) : nil) rescue nil)
|
||||
if (Site::DEBUG rescue false) || (Rails.env != "production" && request_path.start_with?('/admin') && (@current_user = (session[:user_id] ? User.find(session[:user_id]) : nil) rescue nil))
|
||||
exception = env['action_dispatch.exception']
|
||||
@routes_app = env["action_dispatch.routes"]
|
||||
if Is_Rails5
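Review bot: The new condition lets `Site::DEBUG` bypass every other check on this line, so when that constant is true the branch runs in production, for non-/admin paths, and for anonymous requests — whatever it renders (it reads `env['action_dispatch.exception']` and the routes app, so presumably exception details) becomes reachable by unauthenticated users via a single config flag. If the intent is only to allow the debug view in production for logged-in admins, keep the session check outside the `||`: `if ((Site::DEBUG rescue false) || Rails.env != "production") && request_path.start_with?('/admin') && (@current_user = (session[:user_id] ? User.find(session[:user_id]) : nil) rescue nil)`. Because `||` short-circuits, `@current_user` is also never assigned when `Site::DEBUG` is true, so anything below that relies on it will see nil. The enclosing method starts and ends outside the hunk.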
|
||||
|
|