Fix vulnerable.

BoHung Chiu 2022-10-24 16:09:44 +08:00
parent 26e9ef8d43
commit 4dcb3b5b1d
2 changed files with 5 additions and 4 deletions


@ -53,7 +53,7 @@ class Admin::PatentsController < OrbitMemberController
end
def new
@member = Array(MemberProfile.find_by(:uid=>params['uid'])) rescue nil
@member = Array(MemberProfile.find_by(:uid=>params['uid'].to_s)) rescue nil
@patent = Patent.new
if params[:desktop]
@ -203,7 +203,7 @@ class Admin::PatentsController < OrbitMemberController
end
def frontend_setting
@member = MemberProfile.find_by(:uid=>params['uid']) rescue nil
@member = MemberProfile.find_by(:uid=>params['uid'].to_s) rescue nil
@intro = PatentIntro.find_by(:member_profile_id=>@member.id) rescue nil
@intro = @intro.nil? ? PatentIntro.new({:member_profile_id=>@member.id}) : @intro
end
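Review bot: In `frontend_setting`, the unchanged line `@intro = @intro.nil? ? PatentIntro.new({:member_profile_id=>@member.id}) : @intro` still dereferences `@member` outside any rescue, so a uid that matches no profile (now including the empty string that `nil.to_s` produces) raises NoMethodError instead of returning a clean not-found response. A guard right after the lookup, such as `return head :not_found if @member.nil?`, would close that path. The `.to_s` coercion is presumably there to stop a Hash or Array parameter from reaching the query as an operator, and since the commit message does not say so, both lookups (`new` and `frontend_setting`) should carry a comment like `# coerce to String so a nested params value cannot be used as a query operator`. The `rescue nil` modifiers also swallow every StandardError, not only a failed lookup; rescuing the specific not-found error would keep real failures visible. Both method bodies extend beyond the hunks shown.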


@ -95,7 +95,8 @@ class PersonalPatentsController < ApplicationController
choice = choice.map { |value| value.inject :merge }
select_text = t('personal_patent.search_class')
search_text = t('personal_patent.word_to_search')
csrf_value = (0...46).map { ('a'..'z').to_a[rand(26)] }.join
@_request = OrbitHelper.request
csrf_value = form_authenticity_token
{
'patents' => patent_list,
'extras' => { 'widget-title' => t('module_name.personal_patent'),
@ -112,7 +113,7 @@ class PersonalPatentsController < ApplicationController
def show
params = OrbitHelper.params
plugin = Patent.where(is_hidden: false).find_by(uid: params[:uid])
plugin = Patent.where(is_hidden: false).find_by(uid: params[:uid].to_s)
fields_to_show = %w[
patent_title
patent_no
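Review bot: In the first hunk of PersonalPatentsController, `@_request = OrbitHelper.request` writes a Rails-internal instance variable so that `form_authenticity_token` can run, which is undocumented API and may change between Rails versions. It needs at least a comment such as `# form_authenticity_token needs a request/session; use the one OrbitHelper holds`. The token is bound to the session of that request, so if the hash built here is ever cached or rendered for another visitor (not visible from this hunk), the form would carry a token from a different session and fail verification; it is worth confirming this output is built per request. In `show`, the `.to_s` on `params[:uid]` would benefit from a one-line comment explaining that it forces a String into `find_by`. The method containing the first hunk starts and ends outside the lines shown.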