scinote-eln/scinote-web
1
1
Fork 0
mirror of https://github.com/scinote-eln/scinote-web.git synced 2025-11-06 14:36:23 +08:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #8079 from artoscinote/ma_SCI_11325

Browse source 
Fixes for issues reported by CodeQL
This commit is contained in:
Martin Artnik 2024-12-02 15:29:34 +01:00 committed by GitHub
commit e2b0aa6706
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 4 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
app/controllers/gene_sequence_assets_controller.rb
View file

@ -3,8 +3,6 @@
class GeneSequenceAssetsController < ApplicationController
include ActiveStorage::SetCurrent
skip_before_action :verify_authenticity_token
before_action :check_open_vector_service_enabled, except: %i(new edit)
before_action :load_vars, except: %i(new create)
before_action :load_create_vars, only: %i(new create)

1
app/controllers/results_controller.rb
View file

@ -3,7 +3,6 @@
class ResultsController < ApplicationController
include Breadcrumbs
include TeamsHelper
skip_before_action :verify_authenticity_token, only: %i(create update destroy duplicate)
before_action :load_my_module
before_action :load_vars, only: %i(destroy elements assets upload_attachment archive restore destroy
update_view_state update_asset_view_mode update duplicate)

16
app/models/asset.rb
View file

@ -296,18 +296,10 @@ class Asset < ApplicationRecord
action = get_action(file_ext, action)
if !action.nil?
action_url = action[:urlsrc]
if ENV['WOPI_BUSINESS_USERS'] && ENV['WOPI_BUSINESS_USERS'] == 'true'
action_url = action_url.gsub(/<IsLicensedUser=BUSINESS_USER&>/,
'IsLicensedUser=1&')
action_url = action_url.gsub(/<IsLicensedUser=BUSINESS_USER>/,
'IsLicensedUser=1')
else
action_url = action_url.gsub(/<IsLicensedUser=BUSINESS_USER&>/,
'IsLicensedUser=0&')
action_url = action_url.gsub(/<IsLicensedUser=BUSINESS_USER>/,
'IsLicensedUser=0')
end
action_url = action_url.gsub(/<.*?=.*?>/, '')
# Extract only the licenced user flag parameter
is_licenced_user = ENV['WOPI_BUSINESS_USERS'] == 'true' && action_url[:urlsrc].include?('IsLicensedUser=BUSINESS_USER')
action_url = action_url[:urlsrc].split('?').first + "?IsLicencedUser=#{is_licenced_user ? 1 : 0}"
rest_url = Rails.application.routes.url_helpers.wopi_rest_endpoint_url(
host: ENV['WOPI_ENDPOINT_URL'],