From 14251e6f397b1d03ae176092fcedaaa321fca354 Mon Sep 17 00:00:00 2001
From: Ken Johnson
Date: Mon, 3 Jun 2013 01:29:16 -0400
Subject: [PATCH] added Insecure dor vuln
---
 app/controllers/work_info_controller.rb | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/app/controllers/work_info_controller.rb b/app/controllers/work_info_controller.rb
index 6fe09c3..8a7c00f 100644
--- a/app/controllers/work_info_controller.rb
+++ b/app/controllers/work_info_controller.rb
@@ -1,6 +1,11 @@
 class WorkInfoController < ApplicationController
 def index
- @user = current_user
+ @user = User.find_by_user_id(params[:user_id])
+ if !(@user)
+ flash[:error] = "Sorry, no user with that user id exists"
+ redirect_to home_dashboard_index_path
+ end
 end
+
 end
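Review bot: The added `@user = User.find_by_user_id(params[:user_id])` selects the record from a request parameter, and nothing in `index` compares the result with `current_user`, so the view renders whichever user's work info the id names. The subject line suggests this is deliberate; if so, mark it in the code with a comment such as `# INTENTIONALLY VULNERABLE: insecure direct object reference, no ownership check against current_user`, so the pattern is not mistaken for a reference implementation. The fixed variant for the exercise would scope the lookup to the session user, or reject the request when `@user != current_user`. The distinct flash message "Sorry, no user with that user id exists" also tells the caller which ids are valid, which is worth noting in the same comment. As a style point, `if !(@user)` reads better as `unless @user`.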