chiu
/
patch_file
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix vulnerable.

This commit is contained in:
BoHung Chiu 2022-11-01 21:07:41 +08:00
parent d150a698cd
commit 455523cb09
2 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/controllers/admin/patchfiles_controller.rb
View File

@ -112,8 +112,8 @@ class Admin::PatchfilesController < OrbitAdminController
@file = params["fontfile"]["font_file"] if params["fontfile"]["font_file"] != ""
@file_path = Rails.root.to_s + '/app/assets/fonts'
if @file.nil? != true
@file_name = @file.original_filename
if !@file.nil?
@file_name = File.basename(@file.original_filename)
@file_content = @file.read
@file_content.force_encoding('UTF-8')
File.open("#{@file_path}/#{@file_name}","w+") do |f|

12
updatefiles/application_helper.rb
View File

@ -707,8 +707,8 @@ module ApplicationHelper
plugin = OrbitApp::Plugin::Registration.find_by_module_app_name(page.module.classify) || OrbitApp::Plugin::Registration.find_by_module_app_name(page.module)
override_data = {'widget-title'=>plugin.name}
end
filename = overridehtml.nil? ? params[:layout_type].to_s.split('/').last : overridehtml
module_name = params[:target_controller].to_s.split('/').last.singularize
filename = overridehtml.nil? ? File.basename(params[:layout_type]) : overridehtml
module_name = File.basename(params[:target_controller]).singularize
f = File.join(Rails.root, 'app', 'templates', "#{@key}", 'modules', module_name, "#{filename}.html.erb")
if !File.exists?f
f = File.join(Rails.root, 'app', 'templates', "#{@key}", 'modules', module_name, "index.html.erb")
@ -768,8 +768,8 @@ module ApplicationHelper
return "<div class='well'>No content to show.</div>".html_safe
end
else
filename = overridehtml.nil? ? params[:target_action].to_s.split('/').last : overridehtml
module_name = params[:target_controller].to_s.split('/').last.singularize
filename = overridehtml.nil? ? File.basename(params[:target_action]) : overridehtml
module_name = File.basename(params[:target_controller]).singularize
f = File.join(Rails.root, 'app', 'templates', "#{@key}", 'modules', module_name, "#{filename}.html.erb")
if File.exists?f
file = File.open(f)
@ -1050,8 +1050,8 @@ module ApplicationHelper
end
def write_debug_file(e,controller_name,action_name)
controller_name = controller_name.to_s.split('/').last
action_name = action_name.to_s.split('/').last
controller_name = File.basename(controller_name)
action_name = File.basename(action_name)
url_dir_name = request.fullpath.split("?")[0]
url_dir_name = URI.decode(url_dir_name)
url_dir_name = (url_dir_name == "/" ? "home" : url_dir_name.sub("/","").gsub("/","_").gsub("-","_").gsub(" ","_"))