From 2b0f915f35ed54cb81ddb2fd68c941b1e0f66502 Mon Sep 17 00:00:00 2001
From: bohung <bohung@rulingcom.com>
Date: Tue, 1 Nov 2022 13:19:10 +0800
Subject: [PATCH] Fix vulnerable.

---
 app/assets/javascripts/bulletin/wpex.js | 7 +++++--
 app/helpers/announcements_helper.rb     | 2 +-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/app/assets/javascripts/bulletin/wpex.js b/app/assets/javascripts/bulletin/wpex.js
index d67a8c4..5bc9aa1 100644
--- a/app/assets/javascripts/bulletin/wpex.js
+++ b/app/assets/javascripts/bulletin/wpex.js
@@ -2461,10 +2461,13 @@ $.fn.wpexEqualHeights = function (options) {
 				var elID    = $this.attr( 'id' );
 				var elClass = elID ? ' wpex-' + elID : '';
 				if ( $this.is( ':visible' ) ) {
+					var wpex_wrap = $('<div></div>');
+					wpex_wrap.insertBefore($this);
+					wpex_wrap.append($this);
 					if ( $this.attr( 'multiple' ) ) {
-						$this.wrap( '<div class="wpex-multiselect-wrap' + elClass + '"></div>' );
+						wpex_wrap.attr('class', 'wpex-multiselect-wrap' + elClass);
 					} else {
-						$this.wrap( '<div class="wpex-select-wrap' + elClass + '"></div>' );
+						wpex_wrap.attr('class', 'wpex-select-wrap' + elClass);
 					}
 				}
 			} );
diff --git a/app/helpers/announcements_helper.rb b/app/helpers/announcements_helper.rb
index 6b38d5f..41d0fe4 100644
--- a/app/helpers/announcements_helper.rb
+++ b/app/helpers/announcements_helper.rb
@@ -292,7 +292,7 @@ module AnnouncementsHelper
 
 
     if @target_action == "index"
-      filename = overridehtml.nil? ? params[:layout_type].to_s.split('/').last : overridehtml
+      filename = File.basename(overridehtml.nil? ? params[:layout_type] : overridehtml)
       f = File.join(Rails.root, 'app', 'templates', "#{@key}", 'modules', 'announcement', "#{filename}.html.erb")
       if !File.exists?f
         f = File.join(Rails.root, 'app', 'templates', "#{@key}", 'modules', 'announcement', "index.html.erb")