Revert "Fix code scanning alert no. 8: Uncontrolled data used in path…

… expression" This reverts commit 9a5099a.
thoherr · Oct 19, 2024 · 97f4c93 · 97f4c93
1 parent 9a5099a
commit 97f4c93
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 3 deletions.
diff --git a/app/controllers/events_controller.rb b/app/controllers/events_controller.rb
@@ -99,8 +99,7 @@ def csv_import
     return redirect_to event_path(@event), notice: I18n.t('only_csv_files_allowed') unless params[:file].content_type == 'text/csv'
 
     if @event
-      sanitized_file = ActiveStorage::Filename.new(params[:file].original_filename).sanitized
-      import = CsvExhibitImport.call(@event, sanitized_file)
+      import = CsvExhibitImport.call(@event, params[:file])
       redirect_to event_path(@event),
                   notice: I18n.t('moc_data_imported_stats_notice', import: import[:ignore_count], import2: import[:failure_count], import3: import[:success_count]),
                   alert: import[:errors].size > 0 ? I18n.t('failed_moc_ids', inspect: import[:errors].inspect) : nil

diff --git a/app/services/csv_exhibit_import.rb b/app/services/csv_exhibit_import.rb
@@ -15,7 +15,7 @@ def call
     success_count = 0;
     failure_count = 0
     errors = []
-    opened_file = File.open(Rails.root.join('tmp', @file))
+    opened_file = File.open(@file)
     options = { headers: true, col_sep: ';' }
     CSV.foreach(opened_file, **options) do |row|