fix security problem
This commit is contained in:
parent
4a584b2f8f
commit
a691508205
|
@ -68,13 +68,16 @@
|
||||||
<div class="search_widget" style="display: flex;flex-wrap: wrap;font-size: 1.1em;">
|
<div class="search_widget" style="display: flex;flex-wrap: wrap;font-size: 1.1em;">
|
||||||
<%= select_tag('category',options_for_select(all_cat.concat(cats.map{|v| [v.title,v.id.to_s]}),:selected => params['category'].to_s),:id=>"category_select_box",:prompt => t('announcement.select_prompt')) %>
|
<%= select_tag('category',options_for_select(all_cat.concat(cats.map{|v| [v.title,v.id.to_s]}),:selected => params['category'].to_s),:id=>"category_select_box",:prompt => t('announcement.select_prompt')) %>
|
||||||
<input class="search_box" type="text" name="keywords" value="<%= params['keywords'].to_s.gsub(/\"/,'') %>" placeholder="<%= t('announcement.keywords') %>">
|
<input class="search_box" type="text" name="keywords" value="<%= params['keywords'].to_s.gsub(/\"/,'') %>" placeholder="<%= t('announcement.keywords') %>">
|
||||||
<div class="default_picker">
|
<div style="display: flex;flex-wrap: wrap;">
|
||||||
<input class="search_box" type="text" name="stime" value="<%= params['stime'].to_s.gsub(/\"/,'') %>" placeholder="<%= t('announcement.stime') %>" data-format="yyyy/mm/dd">
|
<div class="default_picker">
|
||||||
</div>
|
<input class="search_box" type="text" name="stime" value="<%= params['stime'].to_s.gsub(/\"/,'') %>" placeholder="<%= t('announcement.stime') %>" data-format="yyyy/mm/dd">
|
||||||
~
|
</div>
|
||||||
<div class="default_picker">
|
~
|
||||||
<input class="search_box" type="text" name="etime" value="<%= params['etime'].to_s.gsub(/\"/,'') %>" placeholder="<%= t('announcement.etime') %>" data-format="yyyy/mm/dd">
|
<div class="default_picker">
|
||||||
|
<input class="search_box" type="text" name="etime" value="<%= params['etime'].to_s.gsub(/\"/,'') %>" placeholder="<%= t('announcement.etime') %>" data-format="yyyy/mm/dd">
|
||||||
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
<input type="hidden" name="authenticity_token" value="<%= (0...46).map { ('a'..'z').to_a[rand(26)] }.join %>">
|
||||||
<input class="search_box" type="submit" value="<%= t('announcement.search') %>">
|
<input class="search_box" type="submit" value="<%= t('announcement.search') %>">
|
||||||
</div>
|
</div>
|
||||||
</form>
|
</form>
|
||||||
|
|
Loading…
Reference in New Issue