fix vulnerability

邱博亞 2021-11-18 14:32:20 +08:00
parent ef669084a7
commit ca55f99f53
1 changed files with 3 additions and 0 deletions


@ -160,6 +160,9 @@ class AsksController < ActionController::Base
end
def create
if !params[:referer_url].blank? && !params[:referer_url].to_s.start_with?("/")
render :file => "#{Rails.root}/app/views/errors/403.html", :layout => false, :status => 403 and return
end
@ask_question = AskQuestion.new()
temp_params = create_params
all_to_save = []
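Review bot: The new guard at the top of `create` accepts any `referer_url` that begins with "/", and that still lets through values starting with `//` or `/\`, which browsers resolve as a different host rather than a local path. If the parameter is later used as a redirect target (that code is outside this hunk, so this is an assumption to confirm), the check should anchor on a single leading slash, for example `if params[:referer_url].present? && params[:referer_url].to_s !~ %r{\A/(?![/\\])}`. A stricter alternative is to parse the value with `URI` and reject anything that carries a scheme or host. It would also help to add a short comment above the check such as `# only same-site relative paths are allowed as referer_url`, since the commit title does not say which issue is being closed. The body of `create` continues past the end of the hunk.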