Fix vulnerable.
This commit is contained in:
parent
d54176b635
commit
cb8acf3f8c
|
@ -107,7 +107,7 @@ class Admin::BooksController < OrbitMemberController
|
||||||
|
|
||||||
def new
|
def new
|
||||||
@book = Book.new
|
@book = Book.new
|
||||||
@member = Array(MemberProfile.find_by(:uid=>params['uid'])) rescue nil
|
@member = Array(MemberProfile.find_by(:uid=>params['uid'].to_s)) rescue nil
|
||||||
if params[:desktop]
|
if params[:desktop]
|
||||||
render :layout => false
|
render :layout => false
|
||||||
end
|
end
|
||||||
|
@ -213,7 +213,7 @@ class Admin::BooksController < OrbitMemberController
|
||||||
end
|
end
|
||||||
|
|
||||||
def frontend_setting
|
def frontend_setting
|
||||||
@member = MemberProfile.find_by(:uid=>params['uid']) rescue nil
|
@member = MemberProfile.find_by(:uid=>params['uid'].to_s) rescue nil
|
||||||
@intro = BookIntro.find_by(:member_profile_id=>@member.id) rescue nil
|
@intro = BookIntro.find_by(:member_profile_id=>@member.id) rescue nil
|
||||||
@intro = @intro.nil? ? BookIntro.new({:member_profile_id=>@member.id}) : @intro
|
@intro = @intro.nil? ? BookIntro.new({:member_profile_id=>@member.id}) : @intro
|
||||||
end
|
end
|
||||||
|
|
|
@ -51,7 +51,11 @@ class PersonalBooksController < ApplicationController
|
||||||
when 'note'
|
when 'note'
|
||||||
books_show = books_temp.select { |value| search_all_words(Nokogiri::HTML(value.note).text, params[:keywords]) }
|
books_show = books_temp.select { |value| search_all_words(Nokogiri::HTML(value.note).text, params[:keywords]) }
|
||||||
else
|
else
|
||||||
|
if fields_to_show.include?(params[:selectbox])
|
||||||
books_show = books_temp.select { |value| search_all_words(value.send(params[:selectbox]).to_s, params[:keywords]) }
|
books_show = books_temp.select { |value| search_all_words(value.send(params[:selectbox]).to_s, params[:keywords]) }
|
||||||
|
else
|
||||||
|
books_show = books_temp
|
||||||
|
end
|
||||||
end
|
end
|
||||||
page_to_show = params[:page_no].nil? ? 1 : params[:page_no].to_i
|
page_to_show = params[:page_no].nil? ? 1 : params[:page_no].to_i
|
||||||
books = books_show[(page_to_show - 1) * page_data_count...page_to_show * page_data_count]
|
books = books_show[(page_to_show - 1) * page_data_count...page_to_show * page_data_count]
|
||||||
|
@ -111,7 +115,8 @@ class PersonalBooksController < ApplicationController
|
||||||
choice = choice.map { |value| value.inject :merge }
|
choice = choice.map { |value| value.inject :merge }
|
||||||
select_text = t('personal_book.search_class')
|
select_text = t('personal_book.search_class')
|
||||||
search_text = t('personal_book.word_to_search')
|
search_text = t('personal_book.word_to_search')
|
||||||
csrf_value = (0...46).map { ('a'..'z').to_a[rand(26)] }.join
|
@_request = OrbitHelper.request
|
||||||
|
csrf_value = form_authenticity_token
|
||||||
{
|
{
|
||||||
'book_list' => book_list,
|
'book_list' => book_list,
|
||||||
'extras' => { 'widget-title' => t('module_name.book'),
|
'extras' => { 'widget-title' => t('module_name.book'),
|
||||||
|
@ -128,7 +133,7 @@ class PersonalBooksController < ApplicationController
|
||||||
|
|
||||||
def show
|
def show
|
||||||
params = OrbitHelper.params
|
params = OrbitHelper.params
|
||||||
plugin = Book.where(is_hidden: false).find_by(uid: params[:uid])
|
plugin = Book.where(is_hidden: false).find_by(uid: params[:uid].to_s)
|
||||||
fields_to_show = %w[
|
fields_to_show = %w[
|
||||||
year
|
year
|
||||||
book_title
|
book_title
|
||||||
|
|
Loading…
Reference in New Issue