From 4843a52134d990eb1e3b5bdc192ffe9a8485ac60 Mon Sep 17 00:00:00 2001 From: chiu Date: Wed, 4 Aug 2021 20:08:42 +0800 Subject: [PATCH] fix error --- app/controllers/announcements_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/announcements_controller.rb b/app/controllers/announcements_controller.rb index de4ec49..b50b6a2 100644 --- a/app/controllers/announcements_controller.rb +++ b/app/controllers/announcements_controller.rb @@ -497,7 +497,7 @@ class AnnouncementsController < ApplicationController end def get_file @url = request.path - render :text => "Path not allow",:status => 404 if @url.match(/\/\.\./) + render :text => "Path not allow",:status => 404 and return if @url.match(/\/\.\./) begin file = BulletinFile.find(params[:id]) if File.basename(file.file.path) != URI.decode(params[:f_name])