Fix vulnerable.
This commit is contained in:
parent
10cb149fc7
commit
d86eb185dc
@ -380,14 +380,15 @@ class Admin::ApplicationFormsController < OrbitAdminController
|
|||
@categories = @module_app.categories.enabled
|
||||
@filter_fields = filter_fields(@categories)
|
||||
@table_fields = [:category, 'application_form.title', 'application_form.event_during', 'application_form.signup_count', 'application_form.export']
|
||||
|
||||
if !params[:sort].blank?
|
||||
params_sort = params[:sort].to_s
|
||||
if params_sort.present?
|
||||
params_order = params[:order].to_s
|
||||
if params[:sort] == 'event_during'
|
||||
sort = {:application_form_start_date.to_sym=>params[:order]}
|
||||
sort = {:application_form_start_date=>params_order}
|
||||
elsif params[:sort] == 'signup_during'
|
||||
sort = {:application_form_start_date.to_sym=>params[:order]}
|
||||
sort = {:application_form_start_date=>params_order}
|
||||
else
|
||||
sort = {params[:sort].to_sym=>params[:order]}
|
||||
sort = {params_sort=>params_order}
|
||||
end
|
||||
else
|
||||
sort = {:application_form_start_date=>"desc",:created_at=>"desc"}
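Review bot: `sort = {params_sort=>params_order}` still lets the client choose any document field and any direction string, so the `.to_s` coercion removes the hash/array type-confusion but not the unrestricted sort key. An allowlist closes it without changing the interface: `params_sort = SORTABLE.include?(params[:sort].to_s) ? params[:sort].to_s : 'application_form_start_date'` with `SORTABLE` being the real sortable column names, and `params_order = %w[asc desc].include?(params[:order].to_s) ? params[:order].to_s : 'desc'`. The `signup_during` branch sorts by `application_form_start_date`, the same field as `event_during`; if that is intended a comment such as `# signup_during deliberately sorts by event start date` would stop the next reader from "fixing" it. The enclosing `index` action starts and ends outside this hunk.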
|
||||
@ -4,6 +4,7 @@ class ApplicationFormsController < ApplicationController
|
|||
include MemberHelper
|
||||
include ActionView::Context #vary important (only add this can access @@session from view)
|
||||
include Admin::ApplicationFormsHelper
|
||||
FrontendMethods = ["show_privacy", "show_data", "check_email", "check_availability", "signup_ok", "edit_file", "con_login", "con_upload", "con_logout"]
|
||||
# include SimpleCaptcha::ControllerHelpers
|
||||
def index
|
||||
|
||||
|
@ -72,13 +73,14 @@ class ApplicationFormsController < ApplicationController
|
|||
end
|
||||
# def custom_frontend_data
|
||||
# params = OrbitHelper.params
|
||||
# application_form = ApplicationFormMain.find_by(:uid=>params[:uid])
|
||||
# uid = params[:uid].to_s
|
||||
# application_form = ApplicationFormMain.find_by(:uid=>uid)
|
||||
# @application_form = application_form
|
||||
# @site_in_use_locales = Site.first.in_use_locales rescue I18n.available_locales
|
||||
# application_form_template_setting = application_form.application_form_template_setting
|
||||
# @application_form_template_setting = application_form_template_setting
|
||||
# home_page = Page.where(:parent_page_id=>application_form.id).first
|
||||
# prefix_url = OrbitHelper.request.path.split("-").first + "-#{params[:uid]}"
|
||||
# prefix_url = OrbitHelper.request.path.split("-").first + "-#{uid}"
|
||||
# @prefix_url = prefix_url
|
||||
# header_data = "<a href=\"#{prefix_url}#{home_page.url}\">Home</a> | " +
|
||||
# "<a href=\"/\">Main Site</a>"
|
||||
|
@ -152,7 +154,7 @@ class ApplicationFormsController < ApplicationController
|
|||
# if params[:method].present?
|
||||
# main_content = render_other_method
|
||||
# elsif params[:current_page_module] == "application_forms_home"
|
||||
# application_form = ApplicationFormMain.where(uid: params[:uid]).first
|
||||
# application_form = ApplicationFormMain.where(uid: uid).first
|
||||
# time_now = Time.now
|
||||
# data = {
|
||||
# "application_form" => application_form,
|
||||
|
@ -168,7 +170,7 @@ class ApplicationFormsController < ApplicationController
|
|||
# elsif params[:current_page_module] == "application_forms_page"
|
||||
# time_now = Time.now
|
||||
# params = OrbitHelper.params
|
||||
# application_form = ApplicationFormMain.find_by(uid: params[:uid])
|
||||
# application_form = ApplicationFormMain.find_by(uid: uid)
|
||||
# if application_form.application_form_start_date <= time_now && ( application_form.application_form_end_date.nil? || application_form.application_form_end_date+1 >= time_now )
|
||||
# sign_up = ('<a href="'+ prefix_url + '" target="_blank">' + t('application_form.signup') + '</a>').html_safe
|
||||
# elsif application_form.registration_status.blank?
|
||||
|
@ -284,7 +286,7 @@ class ApplicationFormsController < ApplicationController
|
|||
|
||||
params = OrbitHelper.params
|
||||
|
||||
application_form = ApplicationFormMain.where(uid: params[:uid]).first
|
||||
application_form = ApplicationFormMain.where(uid: params[:uid].to_s).first
|
||||
|
||||
application_form_agreement = ApplicationFormAgreement.first
|
||||
|
||||
|
@ -301,7 +303,7 @@ class ApplicationFormsController < ApplicationController
|
|||
|
||||
params = OrbitHelper.params
|
||||
|
||||
application_form = ApplicationFormMain.find_by(uid: params[:uid])
|
||||
application_form = ApplicationFormMain.find_by(uid: params[:uid].to_s)
|
||||
|
||||
if application_form.application_form_start_date <= time_now && ( application_form.application_form_end_date.nil? || application_form.application_form_end_date+1 >= time_now )
|
||||
sign_up = ('<a href="'+ OrbitHelper.url_to_show(application_form.to_param) + '">' + t('application_form.signup') + '</a>').html_safe
|
||||
|
@ -347,7 +349,7 @@ class ApplicationFormsController < ApplicationController
|
|||
|
||||
categories = module_app.categories
|
||||
|
||||
application_form = ApplicationFormMain.where(uid: params[:uid]).first
|
||||
application_form = ApplicationFormMain.where(uid: params[:uid].to_s).first
|
||||
|
||||
application_form_signup = ApplicationFormSignup.new
|
||||
|
||||
|
@ -450,7 +452,7 @@ class ApplicationFormsController < ApplicationController
|
|||
def create
|
||||
form_params = params[:application_form_signup]
|
||||
form_params_email = form_params[:email]
|
||||
form_params_main_id = form_params[:application_form_main_id]
|
||||
form_params_main_id = form_params[:application_form_main_id].to_s
|
||||
@signup = nil #ApplicationFormSignup.where(email: form_params_email, application_form_main_id: form_params_main_id ).first
|
||||
|
||||
@application_form = ApplicationFormMain.where(id: form_params_main_id).first
|
||||
|
@ -741,7 +743,7 @@ class ApplicationFormsController < ApplicationController
|
|||
|
||||
params = OrbitHelper.params
|
||||
|
||||
application_form = ApplicationFormMain.find_by(uid: params[:uid])
|
||||
application_form = ApplicationFormMain.find_by(uid: params[:uid].to_s)
|
||||
|
||||
{
|
||||
'application_form' => application_form,
|
||||
|
@ -752,9 +754,10 @@ class ApplicationFormsController < ApplicationController
|
|||
|
||||
def con_login_proc
|
||||
|
||||
application_form = ApplicationFormMain.find_by(id: params[:application_form_signup][:application_form_main_id])
|
||||
application_form_main_id = params[:application_form_signup][:application_form_main_id].to_s
|
||||
application_form = ApplicationFormMain.find_by(id: application_form_main_id)
|
||||
|
||||
@application_form_signup = ApplicationFormSignup.where(:status=>'C', :email=> params[:user_name], :password => params[:password], :application_form_main_id => params[:application_form_signup][:application_form_main_id]).first
|
||||
@application_form_signup = ApplicationFormSignup.where(:status=>'C', :email=> params[:user_name], :password => params[:password], :application_form_main_id => application_form_main_id).first
|
||||
|
||||
if !@application_form_signup.blank?
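Review bot: The `where` in `con_login_proc` still passes `params[:user_name]` and `params[:password]` straight into the query while only `application_form_main_id` was coerced to a string; a nested parameter such as `password[$ne]=x` arrives as a hash rather than a string and reaches the query as such, so the same coercion belongs there: `:email => params[:user_name].to_s, :password => params[:password].to_s`. Matching `:password` inside the query also means the stored value is compared as-is; if passwords are kept in plain text that deserves its own follow-up, though this hunk cannot show how they are stored. `con_login_proc` continues past the end of this hunk.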
|
||||
|
||||
@ -445,10 +445,14 @@ protected
|
|||
|
||||
def form_label
|
||||
if self.markup == "text_area"
|
||||
plc = typeD["placeholder"][I18n.locale].to_s.blank? ? '' : "(#{typeD["placeholder"][I18n.locale]})"
|
||||
"<span style='margin-right: 0.5em;'>"+
|
||||
label_tag(key,(!@require.blank? ? '*'+title : title),:class=>"col-sm-2 control-label muted",:style =>'display: contents;')+
|
||||
tag(:br)+"#{plc}</span>"
|
||||
plc = typeD["placeholder"][I18n.locale].to_s.blank? ? nil : "(#{typeD["placeholder"][I18n.locale]})"
|
||||
label_tag(key, '' , :class=>"col-sm-2 control-label muted") do
|
||||
concat (!@require.blank? ? '*'+title : title)
|
||||
if plc
|
||||
concat tag(:br)
|
||||
concat plc
|
||||
end
|
||||
end
|
||||
else
|
||||
label_tag(key,(!@require.blank? ? '*'+title : title),:class=>"col-sm-2 control-label muted")
|
||||
end
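Review bot: `typeD["placeholder"][I18n.locale]` on the first new line is evaluated twice and raises `NoMethodError` when `typeD["placeholder"]` is absent instead of yielding no placeholder; if `typeD` is a plain Hash, `plc_text = typeD.dig("placeholder", I18n.locale).to_s` followed by `plc = plc_text.blank? ? nil : "(#{plc_text})"` reads it once and degrades gracefully. The switch to `label_tag` with a block is worth a why-comment, since `concat` applies the output buffer's escaping to `title` and `plc` unless they are already html_safe, which the old string concatenation did not guarantee: `# block form: concat escapes title/placeholder unless already html_safe`. `form_label` ends outside this hunk.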
|
||||
@ -42,7 +42,7 @@
|
|||
<% val = t("application_form.registration_status_#{application_form_signup.status}") if !application_form_signup.status.blank? %>
|
||||
<% end %>
|
||||
<% elsif names[0] == "application_form_signup_field_custom" || names[0] == "application_form_signup_fields" %>
|
||||
<% val = application_form_signup.application_form_signup_values.where(:key=>names[1]).first.get_value_by_locale(I18n.locale) rescue "" %>
|
||||
<% val = html_escape(application_form_signup.application_form_signup_values.where(:key=>names[1]).first.get_value_by_locale(I18n.locale)).gsub(/(\r\n|\n)/,"<br>") rescue "" %>
|
||||
<% elsif names[0] == "application_form_signup_contributes" %>
|
||||
<% if names[1] == "file" %>
|
||||
<% application_form_signup_contribute = @application_form_signup_contribute %>
|
||||
|
@ -68,7 +68,7 @@
|
|||
<% else %>
|
||||
<% file_content = File.read(file_path) rescue "" %>
|
||||
<% if file_content.is_utf8? %>
|
||||
<% file_content = file_content.gsub(/(\r\n|\n)/,"<br>")%>
|
||||
<% file_content = html_escape(file_content).gsub(/(\r\n|\n)/,"<br>") %>
|
||||
<% val = "<div class=\"text_wrap\"><a class=\"pull-right\" href=\"#{file_url}\" title=\"#{t(:download)}\">#{t(:download)}</a><div style=\"clear: both;\"></div><h4>#{file_title}</h4>#{file_content}</div>"%>
|
||||
<% else %>
|
||||
<% val = link_to( file_title, file_url , {:target => '_blank', :title => Nokogiri::HTML(description.gsub("<br>"," , ")).text} ) if application_form_signup_contribute.file.file %>
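Review bot: `file_content` is now escaped, but `file_title` and `file_url` on the following `val = "<div class=\"text_wrap\">..."` line are still interpolated raw into an `href` attribute and an `<h4>`; if `file_title` derives from the uploaded file's name (it is assigned outside this hunk) it is attacker-controlled and remains an injection point. `href=\"#{html_escape(file_url)}\"` and `<h4>#{html_escape(file_title)}</h4>` close it without changing the markup. The `File.read(file_path) rescue ""` above also turns any read error into an empty document; `file_path` is set outside the hunk so its origin cannot be checked here.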
|
||||
|
@ -90,12 +90,13 @@
|
|||
<% end %>
|
||||
<% end %>
|
||||
<% elsif names[0] == "application_form_submission_fields" %>
|
||||
<% val = @application_form_signup_contribute.application_form_submission_values.where(:key=>names[1]).first.get_value_by_locale(I18n.locale) rescue "" %>
|
||||
<% application_form_submission_field = application_form_signup.application_form_main.application_form_submission_fields.where(:key=>names[1]).first %>
|
||||
<% if application_form_submission_field && application_form_submission_field.markup == "application_form_preferred_session"
|
||||
application_form_submission_value = @application_form_signup_contribute.application_form_submission_values.where(:key=>names[1]).first
|
||||
val = "<span data-id=\"#{application_form_submission_value.id rescue ''}\">#{(application_form_submission_value.get_value_by_locale(I18n.locale) rescue "")}</span>"
|
||||
end %>
|
||||
<% if application_form_submission_field && application_form_submission_field.markup == "application_form_preferred_session"
|
||||
application_form_submission_value = @application_form_signup_contribute.application_form_submission_values.where(:key=>names[1]).first
|
||||
val = "<span data-id=\"#{application_form_submission_value.id rescue ''}\">#{(html_escape(application_form_submission_value.get_value_by_locale(I18n.locale)).gsub(/(\r\n|\n)/,"<br>") rescue "")}</span>"
|
||||
else
|
||||
val = html_escape(@application_form_signup_contribute.application_form_submission_values.where(:key=>names[1]).first.get_value_by_locale(I18n.locale).gsub('<br>', "\n")).gsub("\n","<br>") rescue ""
|
||||
end %>
|
||||
<% elsif names[0] == "application_form_signup" %>
|
||||
<% val = (application_form_signup.send("display_"+names[1]) rescue application_form_signup.send(names[1])) rescue nil %>
|
||||
<% elsif names[0] == "application_form_review_result" %>
|
||||
@ -164,14 +164,6 @@
|
|||
</div>
|
||||
</div>
|
||||
|
||||
<div class="control-group <%= @application_form.registration_status[0] == 'C' ? '' : 'hide' %>" id="registration_status">
|
||||
<label for="password" class="control-label muted">*<%= t('application_form_signup.password') %></label>
|
||||
<div class="controls">
|
||||
<%= f.text_field :password, :class=>"input-block-level", :placeholder=> t('application_form_signup.password') %>
|
||||
<%= t('application_form_signup.password_message') %>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<% end %>
|
||||
<% @form_index = 0 %>
|
||||
<% @application_form.application_form_signup_fields.asc(:_id).each do |rf| %>
|
||||
@ -81,7 +81,7 @@
|
|||
<% val = t("application_form.registration_status_#{application_form_signup.status}") if !application_form_signup.status.blank? %>
|
||||
<% end %>
|
||||
<% elsif names[0] == "application_form_signup_field_custom" || names[0] == "application_form_signup_fields" %>
|
||||
<% val = application_form_signup.application_form_signup_values.where(:key=>names[1]).first.get_value_by_locale(I18n.locale) rescue "" %>
|
||||
<% val = html_escape(application_form_signup.application_form_signup_values.where(:key=>names[1]).first.get_value_by_locale(I18n.locale)).gsub(/(\r\n|\n)/,"<br>") rescue "" %>
|
||||
<% elsif names[0] == "application_form_signup_contributes" %>
|
||||
<% if names[1] == "file" %>
|
||||
<% val = application_form_signup_contributes %>
|
||||
|
@ -103,16 +103,17 @@
|
|||
<% end %>
|
||||
<% end %>
|
||||
<% elsif names[0] == "application_form_submission_fields" %>
|
||||
<% val = application_form_signup_contributes.collect{|s| (s.application_form_submission_values.where(:key=>names[1]).first.get_value_by_locale(I18n.locale) rescue "")} %>
|
||||
<% application_form_submission_field = application_form_signup.application_form_main.application_form_submission_fields.where(:key=>names[1]).first %>
|
||||
<% if application_form_submission_field && application_form_submission_field.markup == "application_form_preferred_session"
|
||||
val = application_form_signup_contributes.collect{|s|
|
||||
application_form_submission_value = s.application_form_submission_values.where(:key=>names[1]).first
|
||||
"<span data-id=\"#{application_form_submission_value.id rescue ''}\">#{(application_form_submission_value.get_value_by_locale(I18n.locale) rescue "")}</span>"}
|
||||
edit_urls[i] = []
|
||||
application_form_submission_values = application_form_signup_contributes.collect{|s| s.application_form_submission_values.where(:key=>names[1]).first }
|
||||
edit_urls[i] = application_form_submission_values.map{|application_form_submission_value| edit_admin_application_form_submission_value_path(application_form_submission_value.id) rescue "#"}
|
||||
end %>
|
||||
<% if application_form_submission_field && application_form_submission_field.markup == "application_form_preferred_session"
|
||||
val = application_form_signup_contributes.collect{|s|
|
||||
application_form_submission_value = s.application_form_submission_values.where(:key=>names[1]).first
|
||||
"<span data-id=\"#{application_form_submission_value.id rescue ''}\">#{(html_escape(application_form_submission_value.get_value_by_locale(I18n.locale)).gsub(/(\r\n|\n)/,"<br>") rescue "")}</span>"}
|
||||
edit_urls[i] = []
|
||||
application_form_submission_values = application_form_signup_contributes.collect{|s| s.application_form_submission_values.where(:key=>names[1]).first }
|
||||
edit_urls[i] = application_form_submission_values.map{|application_form_submission_value| edit_admin_application_form_submission_value_path(application_form_submission_value.id) rescue nil}
|
||||
else
|
||||
val = application_form_signup_contributes.collect{|s| (html_escape(s.application_form_submission_values.where(:key=>names[1]).first.get_value_by_locale(I18n.locale)).gsub(/(\r\n|\n)/,"<br>") rescue "")}
|
||||
end %>
|
||||
<% elsif names[0] == "application_form_signup" %>
|
||||
<% val = (application_form_signup.send("display_"+names[1]) rescue application_form_signup.send(names[1])) rescue nil %>
|
||||
<% val = val.strftime('%Y/%m/%d %H:%M') if names[1] == 'created_at' %>
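Review bot: `edit_admin_application_form_submission_value_path(application_form_submission_value.id) rescue nil` uses the `rescue` modifier to turn a missing record into `nil`, which also swallows routing errors; a nil check states the intent directly: `edit_urls[i] = application_form_submission_values.map { |v| v && edit_admin_application_form_submission_value_path(v.id) }`. The same pattern appears in the `collect` blocks, where `rescue ""` masks any exception raised by `get_value_by_locale`, not just a nil record. Consumers of `edit_urls[i]` now receive `nil` where they previously got `"#"`; the view that reads `edit_urls` is outside this hunk, so that change should be checked there.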
|
||||
@ -27,7 +27,7 @@
|
|||
content_tag :div, paginate(@application_form_signups), class: "pagination pagination-centered"
|
||||
end
|
||||
%>
|
||||
<%= pagination_html.gsub(/page_no#{count}=\d*/,"").gsub('&&','&').gsub(/page=(\d*)/m){|ff| ff.gsub("page=#{$1}","page=#{params[:page]}&page_no#{count}=#{$1}")}.html_safe %>
|
||||
<%= pagination_html.gsub(/page_no#{count}=\d*/,"").gsub('&&','&').gsub(/page=(\d*)/m){|ff| ff.gsub("page=#{$1}","page=#{(params[:page] ? params[:page].to_s.to_i : nil)}&page_no#{count}=#{$1}")}.html_safe %>
|
||||
</div>
|
||||
<% end %>
|
||||
<% if count != 2 && @application_form.summary_chioices.count >= 2 %>
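Review bot: `params[:page].to_s.to_i` on the new line yields 0 for any non-numeric page value, so a malformed `page` parameter rewrites every pagination link to `page=0`; `[params[:page].to_s.to_i, 1].max` inside the same conditional keeps the integer coercion that makes the trailing `html_safe` acceptable while staying in the paginator's valid range. Whether the paginator treats page 0 as page 1 cannot be seen from this hunk, so the clamp is the safer default either way.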
|
||||
@ -69,9 +69,12 @@
|
|||
<% application_form_signup_field_sets = ApplicationFormSignupFieldSet.all.uniq{|s| s.field_name} %>
|
||||
<% if application_form_signup_field_sets.count != 0 %>
|
||||
<% application_form_signup_field_sets.each do |field_set| %>
|
||||
<% next if ApplicationFormMain::ExceptFieldSetDisplays.include?(field_set) %>
|
||||
<% default_show << "application_form_signup_field_set.#{field_set.field_name}" if !(field_set.hidden) %>
|
||||
<% @field_names << "application_form_signup_field_set.#{field_set.field_name}" %>
|
||||
<%
|
||||
field_name = field_set.field_name
|
||||
next if ApplicationFormMain::ExceptFieldSetDisplays.include?(field_name)
|
||||
%>
|
||||
<% default_show << "application_form_signup_field_set.#{field_name}" if !(field_set.hidden) %>
|
||||
<% @field_names << "application_form_signup_field_set.#{field_name}" %>
|
||||
<% @field_name_translations << field_set.name[I18n.locale] %>
|
||||
<% end %>
|
||||
<% else %>
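Review bot: The new `next if ApplicationFormMain::ExceptFieldSetDisplays.include?(field_name)` compares a name where the old line compared the record object, which presumably never matched; a comment would record the assumption the fix rests on, e.g. `# ExceptFieldSetDisplays holds field_name strings, not records`. `field_set.name[I18n.locale]` on the context line below still raises if `name` is nil, but that is outside the change.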
|
||||
@ -4,7 +4,11 @@
|
|||
@application_form = data["application_form"]
|
||||
@time_now = data["time_now"]
|
||||
%>
|
||||
|
||||
<style type="text/css">
|
||||
.alert-error{
|
||||
color: red;
|
||||
}
|
||||
</style>
|
||||
<% if (@application_form.contribute_start_date <= @time_now && (@application_form.contribute_end_date.nil? or @application_form.contribute_end_date+1 >= @time_now ) rescue false) %>
|
||||
|
||||
<section id="main-wrap">
|