fix: sql attack

2021-06-17 16:13:40 +08:00
parent 880f09a94a
commit 09dfd504c2
17 changed files with 59 additions and 39 deletions


@@ -7,8 +7,6 @@ class VersionsController < ApplicationController
def index
return render_not_found unless @project.has_menu_permission("versions")
@user_admin_or_member = current_user.present? && (current_user.admin || @project.member?(current_user))
order_name = params[:order_name] || "created_on"
order_type = params[:order_type] || "desc"
status = params[:status]
versions = @project.versions.version_includes
@open_versions_size = versions.where(status: "open")&.size
@@ -27,9 +25,6 @@ class VersionsController < ApplicationController
end
def show
order_name = params[:order_name] || "created_on"
order_type = params[:order_type] || "desc"
version_issues = @version.issues.issue_includes
status_type = params[:status_type] || "1"
@@ -167,4 +162,12 @@ class VersionsController < ApplicationController
end
end
def order_name
Version.column_names.include?(params[:order_name]) ? params[:order_name] : 'created_on'
end
def order_type
%w(desc asc).include?(params[:order_type]) ? params[:order_type] : 'desc'
end
end
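Review bot: The new `order_name` and `order_type` helpers (the last hunk) carry no comment stating that they are the allow-list protecting a string-interpolated ORDER BY, so the next maintainer has no signal that adding a third sort parameter must go through the same check rather than back to `params[...] || default`; I would add `# Allow-list for ORDER BY: only a real Version column / "asc"|"desc" is ever interpolated, anything else falls back to the default.` above `def order_name`. Whether these two methods land under `private` is not visible in this view; if they are public they are also reachable as controller actions, so confirm they sit below the `private` marker. As a style point, `%w(desc asc)` reads better as `%w[desc asc]`, and the defaults use `'created_on'`/`'desc'` while the rest of the file uses double quotes. The `index` and `show` bodies in the first two hunks continue outside the hunks, so the call sites that now use these helpers cannot be checked here.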