From 2fa9d317628f64dfe857ce43b3d114735a06b2ae Mon Sep 17 00:00:00 2001
From: bohung
Date: Mon, 24 Oct 2022 16:08:42 +0800
Subject: [PATCH] Fix vulnerable.
---
 app/controllers/admin/researchs_controller.rb | 4 ++--
 app/controllers/personal_researches_controller.rb | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/app/controllers/admin/researchs_controller.rb b/app/controllers/admin/researchs_controller.rb
index d591771..b4e749e 100644
--- a/app/controllers/admin/researchs_controller.rb
+++ b/app/controllers/admin/researchs_controller.rb
@@ -14,7 +14,7 @@ class Admin::ResearchsController < OrbitMemberController
 end
 def new
- @member = MemberProfile.find_by(:uid=>params['uid']) rescue nil
+ @member = MemberProfile.find_by(:uid=>params['uid'].to_s) rescue nil
 @research = Research.new
 if params[:desktop]
 render :layout => false
@@ -162,7 +162,7 @@ class Admin::ResearchsController < OrbitMemberController
 end
 def frontend_setting
- @member = MemberProfile.find_by(:uid=>params['uid']) rescue nil
+ @member = MemberProfile.find_by(:uid=>params['uid'].to_s) rescue nil
 @intro = ResearchIntro.find_by(:member_profile_id=>@member.id) rescue nil
 @intro = @intro.nil? ? ResearchIntro.new({:member_profile_id=>@member.id}) : @intro
 end
diff --git a/app/controllers/personal_researches_controller.rb b/app/controllers/personal_researches_controller.rb
index fb506b4..3584ffd 100644
--- a/app/controllers/personal_researches_controller.rb
+++ b/app/controllers/personal_researches_controller.rb
@@ -28,7 +28,7 @@ class PersonalResearchesController < ApplicationController
 def show
 params = OrbitHelper.params
- plugin = Research.where(:is_hidden=>false).find_by(uid: params[:uid].to_s)
+ plugin = Research.where(:is_hidden=>false).find_by(uid: params[:uid].to_s)
 fields_to_show =[
 "year",
 "research_category",
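Review bot: The `rescue nil` modifier kept on the patched line in `new` still swallows every StandardError, so a database failure or a typo looks the same as an unknown uid and `@member` silently becomes nil. With the `.to_s` coercion in place, the only expected failure is "no such record", so rescue just that error (presumably the ODM's not-found exception, to be confirmed against the model layer) or use a finder that returns nil. The coercion itself deserves a why-comment, since the commit message does not explain it: `# .to_s: uid must be a scalar; a nested params hash must never reach the query as a condition`. The same two remarks apply to the patched line in `frontend_setting`; `new` continues past the end of this hunk.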
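Review bot: In `frontend_setting`, a uid that matches nothing leaves `@member` nil, and the last line then calls `@member.id` inside `ResearchIntro.new(...)` with no rescue, which raises NoMethodError and turns a bad uid into a 500. The coercion makes this path the normal outcome for any non-scalar uid, since the value is now stringified and will not match a record. Guard right after the lookup, for example `return head(:not_found) if @member.nil?`, and the `rescue nil` on the first `@intro` line then no longer has to mask the same nil dereference.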
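Review bot: The patched lookup in `show` has no visible handling for a uid that matches no visible record: unlike the admin controller there is no rescue here, so `find_by` either raises or returns nil depending on how the model layer is configured. `plugin` is presumably read further down, but the body of `show` continues outside this hunk, so this needs confirming there. If no guard exists, add one directly after the lookup that returns the not-found response this frontend normally uses when `plugin.nil?`. Since the same `.to_s` coercion is now repeated at three call sites, a small shared helper that returns the uid param as a string would keep future lookups from missing it.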