Fix vulnerable.
This commit is contained in:
parent
779d49f128
commit
1439556e13
|
@ -3,7 +3,7 @@ class AnnouncementFeedsController < ApplicationController
|
||||||
include Admin::AnnouncementsHelper
|
include Admin::AnnouncementsHelper
|
||||||
def feed_add_remote
|
def feed_add_remote
|
||||||
if params[:url].present?
|
if params[:url].present?
|
||||||
uid = params[:uid]
|
uid = params[:uid].to_s
|
||||||
bulletin_feed = BulletinFeed.where(uid: uid).first
|
bulletin_feed = BulletinFeed.where(uid: uid).first
|
||||||
if !(bulletin_feed.remote_urls.include?(params[:url]))
|
if !(bulletin_feed.remote_urls.include?(params[:url]))
|
||||||
bulletin_feed.remote_urls << params[:url]
|
bulletin_feed.remote_urls << params[:url]
|
||||||
|
@ -14,7 +14,7 @@ class AnnouncementFeedsController < ApplicationController
|
||||||
end
|
end
|
||||||
def feed_remove_remote
|
def feed_remove_remote
|
||||||
if params[:url].present?
|
if params[:url].present?
|
||||||
uid = params[:uid]
|
uid = params[:uid].to_s
|
||||||
bulletin_feed = BulletinFeed.where(uid: uid).first
|
bulletin_feed = BulletinFeed.where(uid: uid).first
|
||||||
if bulletin_feed.remote_urls.delete(params[:url])
|
if bulletin_feed.remote_urls.delete(params[:url])
|
||||||
bulletin_feed.save
|
bulletin_feed.save
|
||||||
|
@ -23,7 +23,7 @@ class AnnouncementFeedsController < ApplicationController
|
||||||
render :json => {success: true}
|
render :json => {success: true}
|
||||||
end
|
end
|
||||||
def feed
|
def feed
|
||||||
uid = params[:uid]
|
uid = params[:uid].to_s
|
||||||
startdt = params[:start].blank? ? nil : params[:start]
|
startdt = params[:start].blank? ? nil : params[:start]
|
||||||
enddt = params[:end].blank? ? nil : params[:end]
|
enddt = params[:end].blank? ? nil : params[:end]
|
||||||
dt = params[:date].blank? ? nil : params[:date]
|
dt = params[:date].blank? ? nil : params[:date]
|
||||||
|
@ -46,7 +46,7 @@ class AnnouncementFeedsController < ApplicationController
|
||||||
end
|
end
|
||||||
|
|
||||||
def rssfeed
|
def rssfeed
|
||||||
uid = params[:uid]
|
uid = params[:uid].to_s
|
||||||
@bf = BulletinFeed.find_by(:uid => uid) rescue nil
|
@bf = BulletinFeed.find_by(:uid => uid) rescue nil
|
||||||
if !@bf.nil?
|
if !@bf.nil?
|
||||||
tags = @bf.tag_ids
|
tags = @bf.tag_ids
|
||||||
|
|
|
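Review bot: `bulletin_feed` can be nil after `BulletinFeed.where(uid: uid).first` in the first two hunks (feed_add_remote and feed_remove_remote), and the next line dereferences it (`bulletin_feed.remote_urls`), so an unknown uid — which the new `.to_s` coercion turns any non-string input into — raises NoMethodError instead of returning an error response. Add a guard right after the lookup, e.g. `return render(json: { success: false }) if bulletin_feed.nil?`, in the same `render :json => {...}` style the third hunk already uses. `params[:url]` is also appended to `remote_urls` without any check on its scheme; if these URLs are fetched later, restricting them to http/https at this point is cheap. All four methods continue outside their hunks.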
@ -543,7 +543,7 @@ class Bulletin
|
||||||
http = Net::HTTP.new(new_uri.host, new_uri.port)
|
http = Net::HTTP.new(new_uri.host, new_uri.port)
|
||||||
if location.include?('https')
|
if location.include?('https')
|
||||||
http.use_ssl = true
|
http.use_ssl = true
|
||||||
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
|
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
|
||||||
end
|
end
|
||||||
request.instance_variable_set(:@path, new_uri.path)
|
request.instance_variable_set(:@path, new_uri.path)
|
||||||
response = self.http_request(http, request)
|
response = self.http_request(http, request)
|
||||||
|
|
|
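Review bot: `location.include?('https')` on the line before the new `VERIFY_PEER` is a substring test, so a redirect to an http URL whose path or query merely contains "https" turns on `use_ssl`, while it is the scheme of `new_uri` that actually matters; use `if new_uri.scheme == 'https'`. Separately, `request.instance_variable_set(:@path, new_uri.path)` drops the redirect target's query string (`new_uri.request_uri` keeps it) and writes a Net::HTTPRequest internal that is not public API; building a fresh request for `new_uri` would be more robust, though that is inferred from the visible lines only, since the enclosing method starts and ends outside the hunk.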
@ -130,11 +130,13 @@ class Admin::SitesController < OrbitAdminController
|
||||||
end
|
end
|
||||||
|
|
||||||
def system_info
|
def system_info
|
||||||
@disk_free = `df -h /`.gsub("\n","<br/>").html_safe
|
@disk_free = `df -h /`.rstrip()
|
||||||
@nginx_version = %x[/usr/sbin/nginx -v 2>&1].gsub("\n","<br/>").html_safe
|
@nginx_version = %x[/usr/sbin/nginx -v 2>&1].rstrip()
|
||||||
@mongo_version = `mongod --version`.split("\n")[0].html_safe
|
@mongo_version = (Mongoid.default_client.command(buildInfo: 1).first[:version] rescue '')
|
||||||
@linux_version = `lsb_release -d`.split(":")[1].html_safe rescue "Not Applicable"
|
@linux_version = `lsb_release -ds`.rstrip()
|
||||||
|
if @linux_version.blank?
|
||||||
|
@linux_version = "Not Applicable"
|
||||||
|
end
|
||||||
|
|
||||||
if !params[:user_logs].nil?
|
if !params[:user_logs].nil?
|
||||||
@user_page = params[:page].to_i
|
@user_page = params[:page].to_i
|
||||||
|
|
|
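Review bot: The new `lsb_release -ds` line raises Errno::ENOENT when the binary is not installed, whereas the removed line fell back to "Not Applicable"; the `blank?` check that follows only covers a present-but-empty output. Guard the missing-binary case explicitly, e.g. `@linux_version = begin; %x[lsb_release -ds].rstrip; rescue Errno::ENOENT; ''; end`, and note that the `df` and `nginx` calls above carry the same exposure. Dropping `html_safe` on command output is the right call, but `@disk_free` now keeps its raw newlines, so the template presumably needs `simple_format` or a `<pre>` to render them — worth confirming in the view, which is outside this hunk. system_info continues past the hunk.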
@ -60,7 +60,7 @@ module Admin::GmailHelper
|
||||||
res_net = Net::HTTP.start(uri.host, uri.port,
|
res_net = Net::HTTP.start(uri.host, uri.port,
|
||||||
:use_ssl => uri.scheme == 'https',
|
:use_ssl => uri.scheme == 'https',
|
||||||
open_timeout: 60,read_timeout: 60,
|
open_timeout: 60,read_timeout: 60,
|
||||||
verify_mode: OpenSSL::SSL::VERIFY_NONE) do |http|
|
verify_mode: OpenSSL::SSL::VERIFY_PEER) do |http|
|
||||||
req = Net::HTTP::Post.new(uri)
|
req = Net::HTTP::Post.new(uri)
|
||||||
req.content_type='application/x-www-form-urlencoded'
|
req.content_type='application/x-www-form-urlencoded'
|
||||||
req_params.each do |k,v|
|
req_params.each do |k,v|
|
||||||
|
|
|
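Review bot: With `verify_mode: OpenSSL::SSL::VERIFY_PEER` now in force, a certificate failure surfaces as `OpenSSL::SSL::SSLError` from `Net::HTTP.start`; nothing visible in the hunk rescues it, so check that the caller (outside this hunk) reports it rather than letting it propagate as a 500. A style point on the same call: the argument list mixes `:use_ssl =>` with `open_timeout:`/`verify_mode:`; `use_ssl: uri.scheme == 'https',` would make it uniform.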
@ -1,5 +1,15 @@
|
||||||
module Admin::PlaygroundHelper
|
module Admin::PlaygroundHelper
|
||||||
|
require 'securerandom'
|
||||||
|
def secure_rand_number(max_num)
|
||||||
|
if max_num.is_a?(Range)
|
||||||
|
min_num = max_num.begin.to_i
|
||||||
|
offset = max_num.exclude_end? ? 0 : 1
|
||||||
|
max_num = max_num.end.to_i - min_num + offset
|
||||||
|
min_num + SecureRandom.random_number(max_num)
|
||||||
|
else
|
||||||
|
SecureRandom.random_number(max_num.to_i)
|
||||||
|
end
|
||||||
|
end
|
||||||
def make_announcement_fake_data(ma, total_count=5)
|
def make_announcement_fake_data(ma, total_count=5)
|
||||||
page = Page.Where(:module => ma.key).first rescue nil
|
page = Page.Where(:module => ma.key).first rescue nil
|
||||||
if page.nil?
|
if page.nil?
|
||||||
|
@ -32,13 +42,13 @@ module Admin::PlaygroundHelper
|
||||||
bulletin.remote_image_url = get_fake_image_url(ma.key)
|
bulletin.remote_image_url = get_fake_image_url(ma.key)
|
||||||
bulletin.save
|
bulletin.save
|
||||||
fake_ids << bulletin.id
|
fake_ids << bulletin.id
|
||||||
(1..rand(1..5)).each do |x|
|
(1..secure_rand_number(1..5)).each do |x|
|
||||||
bf = BulletinFile.new(:title_translations => get_random_title, :description_translations => get_random_title)
|
bf = BulletinFile.new(:title_translations => get_random_title, :description_translations => get_random_title)
|
||||||
bf.remote_file_url = get_fake_file_url(ma.key)
|
bf.remote_file_url = get_fake_file_url(ma.key)
|
||||||
bf.bulletin = bulletin
|
bf.bulletin = bulletin
|
||||||
bf.save
|
bf.save
|
||||||
end
|
end
|
||||||
(1..rand(1..5)).each do |x|
|
(1..secure_rand_number(1..5)).each do |x|
|
||||||
bl = BulletinLink.new(:title_translations => get_random_title, :url => get_fake_link)
|
bl = BulletinLink.new(:title_translations => get_random_title, :url => get_fake_link)
|
||||||
bl.bulletin = bulletin
|
bl.bulletin = bulletin
|
||||||
bl.save
|
bl.save
|
||||||
|
@ -70,7 +80,7 @@ module Admin::PlaygroundHelper
|
||||||
banner.category = cat
|
banner.category = cat
|
||||||
banner.save
|
banner.save
|
||||||
fake_ids << banner.id
|
fake_ids << banner.id
|
||||||
(1..rand(2..4)).each do |x|
|
(1..secure_rand_number(2..4)).each do |x|
|
||||||
image = AdImage.new(:title_translations => get_random_title, :context_translations => get_random_title, :out_link => get_fake_link, :deadline => get_fake_date, :sort_number => x, :link_open => AdImage::LINK_OPEN_TYPES.sample)
|
image = AdImage.new(:title_translations => get_random_title, :context_translations => get_random_title, :out_link => get_fake_link, :deadline => get_fake_date, :sort_number => x, :link_open => AdImage::LINK_OPEN_TYPES.sample)
|
||||||
image.remote_file_url = get_fake_image_url(ma.key)
|
image.remote_file_url = get_fake_image_url(ma.key)
|
||||||
image.banner = banner
|
image.banner = banner
|
||||||
|
@ -116,13 +126,13 @@ module Admin::PlaygroundHelper
|
||||||
qa.tags=tag
|
qa.tags=tag
|
||||||
qa.save
|
qa.save
|
||||||
fake_ids << qa.id
|
fake_ids << qa.id
|
||||||
(1..rand(1..5)).each do |x|
|
(1..secure_rand_number(1..5)).each do |x|
|
||||||
qf = QaFile.new(:title_translations => get_random_title, :description_translations => get_random_title)
|
qf = QaFile.new(:title_translations => get_random_title, :description_translations => get_random_title)
|
||||||
qf.remote_file_url = get_fake_file_url(ma.key)
|
qf.remote_file_url = get_fake_file_url(ma.key)
|
||||||
qf.qa = qa
|
qf.qa = qa
|
||||||
qf.save
|
qf.save
|
||||||
end
|
end
|
||||||
(1..rand(1..5)).each do |x|
|
(1..secure_rand_number(1..5)).each do |x|
|
||||||
ql = QaLink.new(:title_translations => get_random_title, :url => get_fake_link)
|
ql = QaLink.new(:title_translations => get_random_title, :url => get_fake_link)
|
||||||
ql.qa = qa
|
ql.qa = qa
|
||||||
ql.save
|
ql.save
|
||||||
|
@ -167,7 +177,7 @@ module Admin::PlaygroundHelper
|
||||||
archive.tags=tag
|
archive.tags=tag
|
||||||
archive.save
|
archive.save
|
||||||
fake_ids << archive.id
|
fake_ids << archive.id
|
||||||
(1..rand(1..5)).each do |x|
|
(1..secure_rand_number(1..5)).each do |x|
|
||||||
afm = ArchiveFileMultiple.new(:file_title_translations => get_random_title, :sort_number => x)
|
afm = ArchiveFileMultiple.new(:file_title_translations => get_random_title, :sort_number => x)
|
||||||
afm.remote_file_url = get_fake_file_url(ma.key)
|
afm.remote_file_url = get_fake_file_url(ma.key)
|
||||||
afm.archive_file = archive
|
afm.archive_file = archive
|
||||||
|
@ -213,7 +223,7 @@ module Admin::PlaygroundHelper
|
||||||
album.category = cat
|
album.category = cat
|
||||||
album.save
|
album.save
|
||||||
fake_ids << album.id
|
fake_ids << album.id
|
||||||
(1..rand(5..10)).each do |x|
|
(1..secure_rand_number(5..10)).each do |x|
|
||||||
image = AlbumImage.new(:title => get_random_title["zh_tw"], :description_translations => get_random_title, :order => x)
|
image = AlbumImage.new(:title => get_random_title["zh_tw"], :description_translations => get_random_title, :order => x)
|
||||||
image.remote_file_url = get_fake_image_url(ma.key)
|
image.remote_file_url = get_fake_image_url(ma.key)
|
||||||
image.album = album
|
image.album = album
|
||||||
|
@ -271,7 +281,7 @@ module Admin::PlaygroundHelper
|
||||||
end
|
end
|
||||||
|
|
||||||
def get_fake_date(no=100)
|
def get_fake_date(no=100)
|
||||||
Time.now + rand(1..no).days
|
Time.now + secure_rand_number(1..no).days
|
||||||
end
|
end
|
||||||
|
|
||||||
def get_fake_link
|
def get_fake_link
|
||||||
|
@ -289,11 +299,11 @@ module Admin::PlaygroundHelper
|
||||||
end
|
end
|
||||||
|
|
||||||
def get_fake_file_url(key)
|
def get_fake_file_url(key)
|
||||||
OrbitStore::URL + "/fake_data/#{key}/files/" + rand(1..5).to_s + ".txt"
|
OrbitStore::URL + "/fake_data/#{key}/files/" + secure_rand_number(1..5).to_s + ".txt"
|
||||||
end
|
end
|
||||||
|
|
||||||
def get_fake_image_url(key)
|
def get_fake_image_url(key)
|
||||||
OrbitStore::URL + "/fake_data/#{key}/images/" + rand(1..15).to_s + ".jpg"
|
OrbitStore::URL + "/fake_data/#{key}/images/" + secure_rand_number(1..15).to_s + ".jpg"
|
||||||
end
|
end
|
||||||
|
|
||||||
def get_random_status
|
def get_random_status
|
||||||
|
|
|
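Review bot: `secure_rand_number` in the first hunk passes a non-positive bound to `SecureRandom.random_number` for an empty range such as `5...5` (or a reversed one), and `random_number(0)` returns a Float in [0, 1) rather than raising, so callers like `(1..secure_rand_number(...))` would silently get a float bound; add `raise ArgumentError, "empty range #{max_num}" unless max_num.positive?` after the `max_num =` line and the same check in the `else` branch. `max_num.begin.to_i` / `max_num.end.to_i` likewise turn a nil-bounded range into 0 instead of an error. The `require 'securerandom'` inside the module body works but belongs at the top of the file by convention, and the `Page.Where` context line two rows below — capital W — is presumably a typo that its `rescue nil` hides. The helper methods continue outside their hunks.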
@ -250,7 +250,7 @@ module Orbit
|
||||||
request = ActionDispatch::Request.new(env)
|
request = ActionDispatch::Request.new(env)
|
||||||
request_path = env["REQUEST_PATH"].to_s.sub(/^\/#{I18n.locale}\//, '/')
|
request_path = env["REQUEST_PATH"].to_s.sub(/^\/#{I18n.locale}\//, '/')
|
||||||
session = env["rack.session"]
|
session = env["rack.session"]
|
||||||
if Rails.env != "production" && request_path.start_with?('/admin') && (@current_user = (session[:user_id] ? User.find(session[:user_id]) : nil) rescue nil)
|
if (Site::DEBUG rescue false) || (Rails.env != "production" && request_path.start_with?('/admin') && (@current_user = (session[:user_id] ? User.find(session[:user_id]) : nil) rescue nil))
|
||||||
exception = env['action_dispatch.exception']
|
exception = env['action_dispatch.exception']
|
||||||
@routes_app = env["action_dispatch.routes"]
|
@routes_app = env["action_dispatch.routes"]
|
||||||
if Is_Rails5
|
if Is_Rails5
|
||||||
|
|
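Review bot: The new `(Site::DEBUG rescue false) ||` clause is evaluated before the `Rails.env != "production"` and admin-session checks, so a truthy `Site::DEBUG` in a production deployment would take this branch — which reads `env['action_dispatch.exception']` and the routes app below — for any request, authenticated or not. If the intent is a developer toggle, keep it inside the environment guard: `if Rails.env != "production" && ((Site::DEBUG rescue false) || (request_path.start_with?('/admin') && (@current_user = ...)))`, or document why it must override that guard. `rescue false` also hides a NameError when `Site` is not loaded; `defined?(Site::DEBUG) && Site::DEBUG` says the same thing explicitly. The enclosing method starts and ends outside the hunk.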