floraachy
/
gitlink-forgeplus
mirror of https://gitlink.org.cn/Gitlink/forgeplus.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

fixed 解决安全问题访问附件,id改为uuid,查看附件

This commit is contained in:
xxq250 2023-12-12 16:57:39 +08:00
parent 247c5a60b1
commit 60c8b25075
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
app/controllers/attachments_controller.rb
View File

@ -144,11 +144,12 @@ class AttachmentsController < ApplicationController
private private
def find_file def find_file
tip_exception(404, "您访问的页面不存在或已被删除") if params[:id].blank?
@file = @file =
if params[:type] == 'history' if params[:type] == 'history'
AttachmentHistory.find params[:id] AttachmentHistory.find params[:id]
else else
Attachment.find_by(id: params[:id]) || Attachment.find_by(uuid: params[:id]) Attachment.where_id_or_uuid(params[:id]).first
end end
tip_exception(404, "您访问的页面不存在或已被删除") if @file.blank? tip_exception(404, "您访问的页面不存在或已被删除") if @file.blank?
end end