saurabh
/
announcement-test
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix

This commit is contained in:
chiu 2021-08-04 20:14:32 +08:00
parent b0abf3d1e1
commit e71289398b
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
app/controllers/announcements_controller.rb
View File

@ -497,7 +497,10 @@ class AnnouncementsController < ApplicationController
end end
def get_file def get_file
@url = request.path @url = request.path
render :file => "#{Rails.root}/app/views/errors/404.html", :layout => false, :status => :not_found, :content_type => 'text/html' and return if @url.match(/\/\.\./) if @url.match(/\/\.\./)
render :file => "#{Rails.root}/app/views/errors/404.html", :layout => false, :status => :not_found, :content_type => 'text/html'
return
end
begin begin
file = BulletinFile.find(params[:id]) file = BulletinFile.find(params[:id])
if File.basename(file.file.path) != URI.decode(params[:f_name]) if File.basename(file.file.path) != URI.decode(params[:f_name])