fixed 解决安全问题访问附件,id改为uuid,查看附件
parent
247c5a60b1
commit
60c8b25075
|
@ -144,11 +144,12 @@ class AttachmentsController < ApplicationController
|
||||||
|
|
||||||
private
|
private
|
||||||
def find_file
|
def find_file
|
||||||
|
tip_exception(404, "您访问的页面不存在或已被删除") if params[:id].blank?
|
||||||
@file =
|
@file =
|
||||||
if params[:type] == 'history'
|
if params[:type] == 'history'
|
||||||
AttachmentHistory.find params[:id]
|
AttachmentHistory.find params[:id]
|
||||||
else
|
else
|
||||||
Attachment.find_by(id: params[:id]) || Attachment.find_by(uuid: params[:id])
|
Attachment.where_id_or_uuid(params[:id]).first
|
||||||
end
|
end
|
||||||
tip_exception(404, "您访问的页面不存在或已被删除") if @file.blank?
|
tip_exception(404, "您访问的页面不存在或已被删除") if @file.blank?
|
||||||
end
|
end
|
||||||
|
|
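Review bot: The lookup in `find_file` still resolves an attachment by its numeric id. Judging by its name, `where_id_or_uuid(params[:id])` matches either column (the scope's definition is not on this page), and the unchanged `history` branch still calls `AttachmentHistory.find params[:id]`. If the aim of the commit is that attachments can no longer be reached through guessable sequential ids, the non-history branch should match on uuid only, e.g. `Attachment.find_by(uuid: params[:id])`, and history records need an equivalent non-sequential key. An unguessable identifier is also not an access check: nothing in this method verifies that the current user may read `@file`, so confirm that a per-record authorization check runs in the actions that use it. Separately, `find` raises on a miss rather than returning nil, so the history branch presumably never reaches the `tip_exception(404, ...)` line after the lookup; `AttachmentHistory.find_by(id: params[:id])` would.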