Fix vulnerable.
parent
5488b7c561
commit
bdb02aa184
@ -16,7 +16,7 @@ class Admin::PersonalPluginFieldsController < OrbitMemberController
|
||||||
FileUtils.mkdir_p(zip_path) if !Dir.exist?(zip_path)
|
FileUtils.mkdir_p(zip_path) if !Dir.exist?(zip_path)
|
||||||
personal_plugin_field = PersonalPluginField.find(params[:personal_plugin_field_id]) rescue nil
|
personal_plugin_field = PersonalPluginField.find(params[:personal_plugin_field_id]) rescue nil
|
||||||
if personal_plugin_field
|
if personal_plugin_field
|
||||||
zip_file_path = zip_path + "#{personal_plugin_field.module_name}.zip"
|
zip_file_path = zip_path + "#{personal_plugin_field.module_name.split('/').last}.zip"
|
||||||
zip_file= ZipFileGenerator.new(zip_path + personal_plugin_field.module_name ,zip_file_path)
|
zip_file= ZipFileGenerator.new(zip_path + personal_plugin_field.module_name ,zip_file_path)
|
||||||
begin
|
begin
|
||||||
zip_file.write
|
zip_file.write
|
||||||
|
@ -900,10 +900,12 @@ class Admin::PersonalPluginFieldsController < OrbitMemberController
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
def check_modal_name
|
def check_modal_name
|
||||||
primary_modal_names = PersonalPluginField.where(:id.ne=>params[:id]).pluck(:primary_modal_name)
|
id = params[:id].to_s
|
||||||
related_modal_names = PersonalPluginField.where(:id.ne=>params[:id]).pluck(:related_modal_name).flatten.uniq
|
other_personal_plugin_fields = PersonalPluginField.where(:id.ne=>id)
|
||||||
|
primary_modal_names = other_personal_plugin_fields.pluck(:primary_modal_name)
|
||||||
|
related_modal_names = other_personal_plugin_fields.pluck(:related_modal_name).flatten.uniq
|
||||||
other_modal_names = primary_modal_names + related_modal_names
|
other_modal_names = primary_modal_names + related_modal_names
|
||||||
personal_plugin_field = PersonalPluginField.where(:id=>params[:id]).first
|
personal_plugin_field = PersonalPluginField.where(:id=>id).first
|
||||||
all_modal_names = PersonalPluginField.get_modal_names_cache
|
all_modal_names = PersonalPluginField.get_modal_names_cache
|
||||||
if personal_plugin_field.present?
|
if personal_plugin_field.present?
|
||||||
except_modals = Dir.glob("tmp/#{personal_plugin_field.module_name}/app/models/*.rb").map{|f|
|
except_modals = Dir.glob("tmp/#{personal_plugin_field.module_name}/app/models/*.rb").map{|f|
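Review bot: `personal_plugin_field.module_name` is still interpolated unvalidated into the `Dir.glob` pattern on this line, and in the first hunk the same raw value is used as the ZipFileGenerator source directory (`zip_path + personal_plugin_field.module_name`) even though the zip file name now keeps only `.split('/').last`. A value containing `..`, `/` or glob metacharacters (`*`, `{`, `[`) changes which directory is zipped or which files are listed, and `.split('/').last` returns nil for an empty name, producing a bare `.zip`. How much this matters depends on who can set module_name (it is read from a stored record, so presumably admin-entered), but rejecting anything that is not a plain identifier is cheap: `module_name = personal_plugin_field.module_name.to_s` / `return unless module_name =~ /\A[\w\-]+\z/` (the exact early-return depends on the enclosing method, whose header is outside the first hunk), then use that validated value in both places. The `.to_s` on `params[:id]` does close the `id[$ne]=` operator-injection path for the `where` calls; `check_modal_name` continues past the end of this hunk.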
|
||||||
|
|
|
@ -26,7 +26,7 @@ class Admin::PluginTemplatesController < OrbitMemberController
|
||||||
@sort = {:category_id=>params[:order]}.merge({:id=>params[:order]})
|
@sort = {:category_id=>params[:order]}.merge({:id=>params[:order]})
|
||||||
else
|
else
|
||||||
if params[:sort].present?
|
if params[:sort].present?
|
||||||
s = Sanitize.clean(params[:sort]).to_sym
|
s = params[:sort].to_s
|
||||||
@sort = {s=>params[:order]}.merge({:id=>params[:order]})
|
@sort = {s=>params[:order]}.merge({:id=>params[:order]})
|
||||||
else
|
else
|
||||||
@sort = {}
|
@sort = {}
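Review bot: Replacing `Sanitize.clean(params[:sort]).to_sym` with `params[:sort].to_s` stops symbol creation from user input, but `s` and `params[:order]` still flow unchecked into `@sort = {s=>params[:order]}`, so a request can order by any field name (including ones not meant to be exposed) and supply an arbitrary order value. Restrict both to known values before building the hash, e.g. `s = params[:sort].to_s` / `return @sort = {} unless PluginTemplate.fields.key?(s)` and `order = params[:order].to_s == 'desc' ? 'desc' : 'asc'` — assuming `@sort` is consumed by a PluginTemplate query, which is not visible here. The `else` branch at the top of the hunk builds `@sort` from `params[:order]` the same way and would need the same coercion. The enclosing method starts before this hunk and ends in the next one.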
|
||||||
|
@ -35,7 +35,7 @@ class Admin::PluginTemplatesController < OrbitMemberController
|
||||||
@sort
|
@sort
|
||||||
end
|
end
|
||||||
def new
|
def new
|
||||||
@member = MemberProfile.find_by(:uid=>params['uid']) rescue nil
|
@member = MemberProfile.find_by(:uid=>params[:uid].to_s) rescue nil
|
||||||
@plugin_template = PluginTemplate.new
|
@plugin_template = PluginTemplate.new
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -91,7 +91,7 @@ class Admin::PluginTemplatesController < OrbitMemberController
|
||||||
end
|
end
|
||||||
|
|
||||||
def frontend_setting
|
def frontend_setting
|
||||||
@member = MemberProfile.find_by(:uid=>params['uid']) rescue nil
|
@member = MemberProfile.find_by(:uid=>params[:uid].to_s) rescue nil
|
||||||
@intro = PluginTemplateIntro.find_by(:member_profile_id=>@member.id) rescue nil
|
@intro = PluginTemplateIntro.find_by(:member_profile_id=>@member.id) rescue nil
|
||||||
@intro = @intro.nil? ? PluginTemplateIntro.new({:member_profile_id=>@member.id}) : @intro
|
@intro = @intro.nil? ? PluginTemplateIntro.new({:member_profile_id=>@member.id}) : @intro
|
||||||
end
|
end
|
||||||
|
|
|
@ -55,11 +55,13 @@ class PersonalPluginTemplatesController < ApplicationController
|
||||||
choice = choice.map { |value| value.inject :merge }
|
choice = choice.map { |value| value.inject :merge }
|
||||||
select_text = t('personal_plugin_template.extend_translate.search_class')
|
select_text = t('personal_plugin_template.extend_translate.search_class')
|
||||||
search_text = t('personal_plugin_template.extend_translate.word_to_search')
|
search_text = t('personal_plugin_template.extend_translate.word_to_search')
|
||||||
|
@_request = OrbitHelper.request
|
||||||
|
csrf_value = form_authenticity_token
|
||||||
extras = extras.merge({ 'url' => '/' + I18n.locale.to_s + params[:url],
|
extras = extras.merge({ 'url' => '/' + I18n.locale.to_s + params[:url],
|
||||||
'select_text' => select_text,
|
'select_text' => select_text,
|
||||||
'search_text' => search_text,
|
'search_text' => search_text,
|
||||||
'search_value' => params[:keywords].to_s.gsub(/\"/,'')
|
'search_value' => params[:keywords].to_s.gsub(/\"/,''),
|
||||||
|
'csrf_value' => csrf_value
|
||||||
})
|
})
|
||||||
extras["widget-title"] = I18n.t("module_name.personal_plugin_template")
|
extras["widget-title"] = I18n.t("module_name.personal_plugin_template")
|
||||||
{
|
{
|
||||||
|
@ -73,7 +75,7 @@ class PersonalPluginTemplatesController < ApplicationController
|
||||||
|
|
||||||
def show
|
def show
|
||||||
params = OrbitHelper.params
|
params = OrbitHelper.params
|
||||||
plugin = PluginTemplate.where(:is_hidden=>false).find_by(uid: params[:uid])
|
plugin = PluginTemplate.where(:is_hidden=>false).find_by(uid: params[:uid].to_s)
|
||||||
fields_to_show = col_name_to_show_in_show_page
|
fields_to_show = col_name_to_show_in_show_page
|
||||||
{"plugin_datas"=>plugin.get_plugin_data(fields_to_show)}
|
{"plugin_datas"=>plugin.get_plugin_data(fields_to_show)}
|
||||||
end
|
end
|
||||||
|
@ -119,8 +121,8 @@ class PersonalPluginTemplatesController < ApplicationController
|
||||||
relate_name = select_field.split(".").first
|
relate_name = select_field.split(".").first
|
||||||
field_name = select_field.split(".").last
|
field_name = select_field.split(".").last
|
||||||
relate = relate_name.classify.constantize
|
relate = relate_name.classify.constantize
|
||||||
relate_ids = relate.where(field_name.to_sym=>/#{gsub_invalid_character(keywords)}/).pluck(:id)
|
relate_ids = relate.where(field_name=>/#{gsub_invalid_character(keywords)}/).pluck(:id)
|
||||||
plugin_templates = plugin_templates.where("#{relate_name.singularize}_id".to_sym.in=>relate_ids)
|
plugin_templates = plugin_templates.where("#{relate_name.singularize}_id"=>{'$in'=>relate_ids})
|
||||||
elsif (PluginTemplate.fields[select_field].options[:type] == Date rescue false)
|
elsif (PluginTemplate.fields[select_field].options[:type] == Date rescue false)
|
||||||
keywords = keywords.split(/[\/\-]/)
|
keywords = keywords.split(/[\/\-]/)
|
||||||
if keywords.count > 1
|
if keywords.count > 1
|
||||||
|
@ -128,7 +130,7 @@ class PersonalPluginTemplatesController < ApplicationController
|
||||||
else
|
else
|
||||||
start_time = Date.parse(keywords[0] + "/1/1")
|
start_time = Date.parse(keywords[0] + "/1/1")
|
||||||
end_time = Date.parse(keywords[0] + "/12/31")
|
end_time = Date.parse(keywords[0] + "/12/31")
|
||||||
plugin_templates = plugin_templates.where(select_field.to_sym.gte=>start_time,select_field.to_sym.lte=>end_time)
|
plugin_templates = plugin_templates.where(select_field=>{'$gte'=>start_time,'$lte'=>end_time})
|
||||||
end
|
end
|
||||||
elsif (PluginTemplate.fields[select_field].options[:type] == DateTime rescue false)
|
elsif (PluginTemplate.fields[select_field].options[:type] == DateTime rescue false)
|
||||||
keywords = keywords.split(/[\/\-]/)
|
keywords = keywords.split(/[\/\-]/)
|
||||||
|
@ -140,7 +142,7 @@ class PersonalPluginTemplatesController < ApplicationController
|
||||||
else
|
else
|
||||||
start_time = DateTime.parse(keywords[0] + "/1/1 00:00")
|
start_time = DateTime.parse(keywords[0] + "/1/1 00:00")
|
||||||
end_time = DateTime.parse(keywords[0] + "/12/31 23:59")
|
end_time = DateTime.parse(keywords[0] + "/12/31 23:59")
|
||||||
plugin_templates = plugin_templates.where(select_field.to_sym.gte=>start_time,select_field.to_sym.lte=>end_time)
|
plugin_templates = plugin_templates.where(select_field=>{'$gte'=>start_time,'$lte'=>end_time})
|
||||||
end
|
end
|
||||||
elsif (PluginTemplate.fields[select_field].options[:type] == Integer rescue false)
|
elsif (PluginTemplate.fields[select_field].options[:type] == Integer rescue false)
|
||||||
tmp_plugin_templates = plugin_templates.select{|p| p.send(select_field).to_s.include?(keywords)}
|
tmp_plugin_templates = plugin_templates.select{|p| p.send(select_field).to_s.include?(keywords)}
|
||||||
|
@ -160,7 +162,7 @@ class PersonalPluginTemplatesController < ApplicationController
|
||||||
tmp_plugin_templates = plugin_templates.select{|p| (p.send("#{select_field}_ids") & ids).count != 0}
|
tmp_plugin_templates = plugin_templates.select{|p| (p.send("#{select_field}_ids") & ids).count != 0}
|
||||||
plugin_templates = plugin_templates.where(:id.in=>tmp_plugin_templates.map{|p| p.id})
|
plugin_templates = plugin_templates.where(:id.in=>tmp_plugin_templates.map{|p| p.id})
|
||||||
else
|
else
|
||||||
plugin_templates = plugin_templates.where(select_field.to_sym=>/#{gsub_invalid_character(keywords)}/)
|
plugin_templates = plugin_templates.where(select_field=>/#{gsub_invalid_character(keywords)}/)
|
||||||
end
|
end
|
||||||
return plugin_templates
|
return plugin_templates
|
||||||
end
|
end
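Review bot: Switching the query keys from `select_field.to_sym` to the plain string removes the symbol-table growth, but `select_field` is still used verbatim as the query field in this hunk's `where`, and in the `@ -119` hunk it is split into `relate_name`, which reaches `classify.constantize`, and `field_name`, which is queried on that class; nothing in the method limits these to fields meant to be searchable. Whether `select_field` is user-supplied cannot be seen here (the method starts before the `@ -119` hunk), but `keywords` clearly is, so a single guard at the top of the method, e.g. `return plugin_templates unless PluginTemplate.fields.key?(select_field) || SEARCHABLE_RELATIONS.include?(select_field)`, would bound both the constantized class and the queried field. The regex built from `gsub_invalid_character(keywords)` should also be confirmed to escape every metacharacter (`Regexp.escape` does); otherwise a crafted keyword can alter or slow the server-side regex match. The method closes with the `end` at the bottom of this hunk.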
|
||||||
|
|