Fix vulnerable.
parent
96e971f200
commit
ff1b6eddc9
|
@ -3,7 +3,7 @@ class ArchiveFeedsController < ApplicationController
|
|||
include Admin::ArchiveFilesHelper
|
||||
def feed_add_remote
|
||||
if params[:url].present?
|
||||
uid = params[:uid]
|
||||
uid = params[:uid].to_s
|
||||
archive_file_feed = ArchiveFileFeed.where(uid: uid).first
|
||||
if !(archive_file_feed.remote_urls.include?(params[:url]))
|
||||
archive_file_feed.remote_urls << params[:url]
|
||||
|
@ -14,7 +14,7 @@ class ArchiveFeedsController < ApplicationController
|
|||
end
|
||||
def feed_remove_remote
|
||||
if params[:url].present?
|
||||
uid = params[:uid]
|
||||
uid = params[:uid].to_s
|
||||
archive_file_feed = ArchiveFileFeed.where(uid: uid).first
|
||||
if archive_file_feed.remote_urls.delete(params[:url])
|
||||
archive_file_feed.save
|
||||
|
@ -23,7 +23,7 @@ class ArchiveFeedsController < ApplicationController
|
|||
render :json => {success: true}
|
||||
end
|
||||
def feed
|
||||
uid = params[:uid]
|
||||
uid = params[:uid].to_s
|
||||
feed_cache = ArchiveFileFeedCache.where(uid: uid)
|
||||
feed_cache_old = feed_cache.last
|
||||
count = feed_cache.count
|
||||
|
@ -42,7 +42,7 @@ class ArchiveFeedsController < ApplicationController
|
|||
end
|
||||
|
||||
def rssfeed
|
||||
uid = params[:uid]
|
||||
uid = params[:uid].to_s
|
||||
@aff = ArchiveFileFeed.find_by(:uid => uid) rescue nil
|
||||
if !@aff.nil?
|
||||
tags = @aff.tag_ids
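Review bot: `params[:url]` is still used exactly as received in `feed_add_remote` and `feed_remove_remote`, so the `.to_s` coercion this commit applies to `uid` does not cover the value that is actually written into `remote_urls`; a nested hash or array parameter would be stored or compared as-is. Coerce it the same way, e.g. `url = params[:url].to_s`, and check that it parses as an http(s) URI before appending it. Separately, `ArchiveFileFeed.where(uid: uid).first` can return nil for an unknown uid, and the next line calls `remote_urls` on it without a guard, so a nil check before that call would avoid an unhandled error. Both method bodies continue outside the hunks shown.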
|
||||
|
|
|
@ -5,7 +5,15 @@ class ArchivesController < ApplicationController
|
|||
end
|
||||
#avoid the categories to be not in the ArchiveCategory
|
||||
def serve_cmap
|
||||
serve_path=File.expand_path("../../assets/javascripts/archive/pdf/bcmaps/#{params[:file_name]}.#{params[:extension]}",__FILE__)
|
||||
file_name = params[:file_name].to_s
|
||||
if file_name.include?('/')
|
||||
file_name = file_name.split('/').last
|
||||
end
|
||||
extension = params[:extension].to_s
|
||||
if extension.include?('/')
|
||||
extension = extension.split('/').last
|
||||
end
|
||||
serve_path=File.expand_path("../../assets/javascripts/archive/pdf/bcmaps/#{file_name}.#{extension}",__FILE__)
|
||||
if Dir.glob(serve_path).length != 0
|
||||
send_file(serve_path, type: "application/octet-stream")
|
||||
else
|
||||
|
@ -14,7 +22,7 @@ class ArchivesController < ApplicationController
|
|||
end
|
||||
def show
|
||||
params = OrbitHelper.params
|
||||
archive_file = ArchiveFile.find_by(:uid=>params[:uid])
|
||||
archive_file = ArchiveFile.find_by(:uid=>params[:uid].to_s)
|
||||
locale = I18n.locale.to_s
|
||||
data, serial_number, idx = archive_file.get_frontend_data(locale, 0, 0, true, OrbitHelper.url_to_show(""))
|
||||
{
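Review bot: The new sanitising in `serve_cmap` only drops `/`-separated prefixes, and the result is still handed to `Dir.glob`, which treats `*`, `?`, `[]` and `{}` in `file_name` and `extension` as patterns rather than literal characters. An allowlist is tighter than stripping: `return head(:not_found) unless file_name.match?(/\A[\w-]+\z/) && extension.match?(/\A\w+\z/)`, with the pattern adjusted to the bcmap names actually shipped. Existence is better tested on the literal path with `File.file?(serve_path)` than with `Dir.glob(serve_path).length != 0`. The `else` branch of this method lies outside the hunk, so how a miss is answered is not visible here.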
|
||||
|
|
|
@ -424,7 +424,7 @@ class ArchiveFile
|
|||
http = Net::HTTP.new(new_uri.host, new_uri.port)
|
||||
if location.include?('https')
|
||||
http.use_ssl = true
|
||||
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
|
||||
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
|
||||
end
|
||||
request.instance_variable_set(:@path, new_uri.path)
|
||||
response = self.http_request(http, request)
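Review bot: TLS is switched on by `location.include?('https')`, a substring test on the whole redirect target, so the new `VERIFY_PEER` setting only takes effect when that string happens to contain "https" somewhere. A plain `http://` location with "https" in its path or query would also attempt a TLS handshake. Deciding from the parsed URI is more reliable: `if new_uri.scheme == 'https'`, assuming `new_uri` is the `URI` parsed from `location` above the hunk. The surrounding method starts and ends outside the hunk, so whether redirect targets are restricted to expected hosts cannot be judged from these lines.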
|
||||
|
|