Fix vulnerable.

This commit is contained in:
BoHung Chiu 2022-11-01 21:06:02 +08:00
parent 80ea117b1a
commit b2c1e7e305
1 changed files with 1 additions and 1 deletions

View File

@ -7,7 +7,7 @@ class ArchivesController < ApplicationController
def serve_cmap
file_name = File.basename(params[:file_name].to_s)
extension = File.basename(params[:extension].to_s)
serve_path=File.expand_path("../../assets/javascripts/archive/pdf/bcmaps/#{file_name}.#{extension}",__FILE__)
serve_path = File.expand_path("../../assets/javascripts/archive/pdf/bcmaps/#{file_name}.#{extension}",__FILE__)
if Dir.glob(serve_path).length != 0
send_file(serve_path, type: "application/octet-stream")
else