fixed 解决安全问题访问附件，id改为uuid,查看附件

app/controllers/attachments_controller.rb

@@ -144,11 +144,12 @@ class AttachmentsController < ApplicationController
 
   private
   def find_file
+    tip_exception(404, "您访问的页面不存在或已被删除") if params[:id].blank?
     @file =
       if params[:type] == 'history'
         AttachmentHistory.find params[:id]
       else
-        Attachment.find_by(id: params[:id]) || Attachment.find_by(uuid: params[:id])
+        Attachment.where_id_or_uuid(params[:id]).first
       end
     tip_exception(404, "您访问的页面不存在或已被删除") if @file.blank?
   end