Fix vulnerable.

2022-10-24 16:08:42 +08:00 · 2022-10-24 16:08:42 +08:00 · 2fa9d31762
parent c1c1af1b74
commit 2fa9d31762
2 changed files with 3 additions and 3 deletions
--- a/app/controllers/admin/researchs_controller.rb
+++ b/app/controllers/admin/researchs_controller.rb
@ -14,7 +14,7 @@ class Admin::ResearchsController < OrbitMemberController
  end
  def new
-    @member = MemberProfile.find_by(:uid=>params['uid']) rescue nil
+    @member = MemberProfile.find_by(:uid=>params['uid'].to_s) rescue nil
    @research = Research.new
    if params[:desktop]
      render :layout => false
@ -162,7 +162,7 @@ class Admin::ResearchsController < OrbitMemberController
  end
  def frontend_setting
-    @member = MemberProfile.find_by(:uid=>params['uid']) rescue nil
+    @member = MemberProfile.find_by(:uid=>params['uid'].to_s) rescue nil
    @intro = ResearchIntro.find_by(:member_profile_id=>@member.id) rescue nil
    @intro = @intro.nil? ? ResearchIntro.new({:member_profile_id=>@member.id}) : @intro
  end
--- a/app/controllers/personal_researches_controller.rb
+++ b/app/controllers/personal_researches_controller.rb
@ -28,7 +28,7 @@ class PersonalResearchesController < ApplicationController
  def show
    params = OrbitHelper.params
-    plugin = Research.where(:is_hidden=>false).find_by(uid: params[:uid])
+    plugin = Research.where(:is_hidden=>false).find_by(uid: params[:uid].to_s)
    fields_to_show =[
      "year",
      "research_category",