diff --git a/app/models/benefits.rb b/app/models/benefits.rb
index cebbdc4..92bbdf3 100644
--- a/app/models/benefits.rb
+++ b/app/models/benefits.rb
@@ -12,6 +12,13 @@ class Benefits < ActiveRecord::Base
 def self.make_backup(file, data_path, full_file_name)
 system("cp #{full_file_name} #{data_path}/bak#{Time.now.to_i}_#{file.original_filename}")
+ # FileUtils.cp "#{full_file_name}", "#{data_path}/bak#{Time.now.to_i}_#{file.original_filename}"
 end
+
+=begin
+ def self.make_backup(file, data_path, full_file_name)
+ FileUtils.cp "#{full_file_name}", "#{data_path}/bak#{Time.now.to_i}_#{file.original_filename}"
+ end
+=end
 end
diff --git a/app/views/layouts/tutorial/injection/_injection_command.html.erb b/app/views/layouts/tutorial/injection/_injection_command.html.erb
index 5f1c14a..c53fa77 100644
--- a/app/views/layouts/tutorial/injection/_injection_command.html.erb
+++ b/app/views/layouts/tutorial/injection/_injection_command.html.erb
@@ -124,8 +124,16 @@
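Review bot: The proposed `FileUtils.cp` replacement in app/models/benefits.rb (the inline comment and the `=begin`/`=end` copy) removes the shell but still builds the destination path from `file.original_filename`, a client-supplied value, so it should not depend on the upload parser having already stripped directory parts. Reduce the name to its last component before joining, e.g. `safe_name = File.basename(file.original_filename)` then `FileUtils.cp full_file_name, File.join(data_path, "bak#{Time.now.to_i}_#{safe_name}")`; the same example is repeated in the tutorial view `_injection_command.html.erb` and should change with it. The live `system("cp ...")` line is left as is and still interpolates both values into a shell string; if that is deliberate for the exercise, a comment such as `# intentionally vulnerable: see the command injection tutorial` would say so. Keeping the fix once rather than twice would also stop the two commented copies drifting apart; the `Benefits` class itself starts outside the hunk.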
SQL Injection - SOLUTION
- The solution is fairly simple and because this is so poorly done there are numerous ways to fix the vulnerability. One option, is to abstract a file creation method and pass it options such as the path and filename, then call it twice, once for the initial upload and another for the backup. Another option is to make a copy through the use of the
+ The solution is fairly simple and because this is so poorly done there are numerous ways to fix the vulnerability. One option, is to abstract a file creation method and pass it options such as the path and filename, then call it twice, once for the initial upload and another for the backup. Another option is to make a copy through the use of the FileUtils.
++ As an example: +
+
+ def self.make_backup(file, data_path, full_file_name)
+ FileUtils.cp "#{full_file_name}", "#{data_path}/bak#{Time.now.to_i}_#{file.original_filename}"
+ end
+