fix security problem
This commit is contained in:
parent
4a584b2f8f
commit
a691508205
|
@ -68,6 +68,7 @@
|
|||
<div class="search_widget" style="display: flex;flex-wrap: wrap;font-size: 1.1em;">
|
||||
<%= select_tag('category',options_for_select(all_cat.concat(cats.map{|v| [v.title,v.id.to_s]}),:selected => params['category'].to_s),:id=>"category_select_box",:prompt => t('announcement.select_prompt')) %>
|
||||
<input class="search_box" type="text" name="keywords" value="<%= params['keywords'].to_s.gsub(/\"/,'') %>" placeholder="<%= t('announcement.keywords') %>">
|
||||
<div style="display: flex;flex-wrap: wrap;">
|
||||
<div class="default_picker">
|
||||
<input class="search_box" type="text" name="stime" value="<%= params['stime'].to_s.gsub(/\"/,'') %>" placeholder="<%= t('announcement.stime') %>" data-format="yyyy/mm/dd">
|
||||
</div>
|
||||
|
@ -75,6 +76,8 @@
|
|||
<div class="default_picker">
|
||||
<input class="search_box" type="text" name="etime" value="<%= params['etime'].to_s.gsub(/\"/,'') %>" placeholder="<%= t('announcement.etime') %>" data-format="yyyy/mm/dd">
|
||||
</div>
|
||||
</div>
|
||||
<input type="hidden" name="authenticity_token" value="<%= (0...46).map { ('a'..'z').to_a[rand(26)] }.join %>">
|
||||
<input class="search_box" type="submit" value="<%= t('announcement.search') %>">
|
||||
</div>
|
||||
</form>
|
||||
|
|
Loading…
Reference in New Issue