fixed 解决安全问题访问附件，id改为uuid，检测附件

2023-11-22 11:28:35 +08:00 · 2023-11-22 11:28:35 +08:00 · 9526d1b896
parent d26dcb5b9a
commit 9526d1b896
1 changed files with 1 additions and 1 deletions
--- a/app/services/api/v1/issues/concerns/checkable.rb
+++ b/app/services/api/v1/issues/concerns/checkable.rb
@ -31,7 +31,7 @@ module Api::V1::Issues::Concerns::Checkable
  def check_attachments (attachment_ids)
    raise ApplicationService::Error, "请输入正确的附件ID数组！" unless attachment_ids.is_a?(Array)
    attachment_ids.each do |aid|
-      raise ApplicationService::Error, "请输入正确的附件ID！" unless Attachment.exists?(id: aid)
+      raise ApplicationService::Error, "请输入正确的附件ID！" unless Attachment.exists?(id: aid) || Attachment.exists?(uuid: aid)
    end 
  end