Fix vulnerable.
This commit is contained in:
parent
63ec149248
commit
c1c099a6af
|
@ -52,7 +52,7 @@ class Admin::ProjectsController < OrbitMemberController
|
|||
end
|
||||
|
||||
def new
|
||||
@member = Array(MemberProfile.find_by(:uid=>params['uid'])) rescue nil
|
||||
@member = Array(MemberProfile.find_by(:uid=>params['uid'].to_s)) rescue nil
|
||||
@project = Project.new
|
||||
if params[:desktop]
|
||||
render :layout => false
|
||||
|
@ -203,7 +203,7 @@ class Admin::ProjectsController < OrbitMemberController
|
|||
end
|
||||
|
||||
def frontend_setting
|
||||
@member = MemberProfile.find_by(:uid=>params['uid']) rescue nil
|
||||
@member = MemberProfile.find_by(:uid=>params['uid'].to_s) rescue nil
|
||||
@intro = ProjectIntro.find_by(:member_profile_id=>@member.id) rescue nil
|
||||
@intro = @intro.nil? ? ProjectIntro.new({:member_profile_id=>@member.id}) : @intro
|
||||
end
|
||||
|
|
|
@ -34,7 +34,11 @@ class PersonalProjectsController < ApplicationController
|
|||
when 'note'
|
||||
projects_show = projects_temp.select { |value| search_all_words(Nokogiri::HTML(value.note).text, params[:keywords]) }
|
||||
else
|
||||
projects_show = projects_temp.select { |value| search_all_words(value.send(params[:selectbox]).to_s, params[:keywords]) }
|
||||
if fields_to_show.include?(params[:selectbox])
|
||||
projects_show = projects_temp.select { |value| search_all_words(value.send(params[:selectbox]).to_s, params[:keywords]) }
|
||||
else
|
||||
projects_show = projects_temp
|
||||
end
|
||||
end
|
||||
page_to_show = params[:page_no].nil? ? 1 : params[:page_no].to_i
|
||||
projects = projects_show[(page_to_show - 1) * page_data_count...page_to_show * page_data_count]
|
||||
|
@ -88,7 +92,8 @@ class PersonalProjectsController < ApplicationController
|
|||
choice = choice.map { |value| value.inject :merge }
|
||||
select_text = t('personal_project.search_class')
|
||||
search_text = t('personal_project.word_to_search')
|
||||
csrf_value = (0...46).map { ('a'..'z').to_a[rand(26)] }.join
|
||||
@_request = OrbitHelper.request
|
||||
csrf_value = form_authenticity_token
|
||||
{
|
||||
'projects' => project_list,
|
||||
'headers' => headers,
|
||||
|
@ -105,7 +110,7 @@ class PersonalProjectsController < ApplicationController
|
|||
|
||||
def show
|
||||
params = OrbitHelper.params
|
||||
plugin = Project.where(is_hidden: false).find_by(uid: params[:uid])
|
||||
plugin = Project.where(is_hidden: false).find_by(uid: params[:uid].to_s)
|
||||
fields_to_show = %w[
|
||||
year
|
||||
project_type
|
||||
|
|
Loading…
Reference in New Issue