diff --git a/Gemfile b/Gemfile
index f51d914..b63980f 100755
--- a/Gemfile
+++ b/Gemfile
@@ -49,6 +49,8 @@ gem 'sass-rails'
gem 'coffee-rails'
gem 'jquery-fileupload-rails'
gem 'uglifier'
+gem 'turbolinks' # New for Rails 4.0
+
# See https://github.com/sstephenson/execjs#readme for more supported runtimes
# gem 'therubyracer', :platforms => :ruby
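Review bot: `gem 'turbolinks'` is added with no version constraint, so the only thing holding it at the 2.3.0 recorded in Gemfile.lock is the lockfile itself; anyone running `bundle update` or installing without the lock can pull in a different major. The rest of this Gemfile hunk is unpinned too, so this is a consistency choice rather than a one-off, but a pessimistic constraint matching the lock, `gem 'turbolinks', '~> 2.3' # New for Rails 4.0`, would make the intended range explicit. The comment `# New for Rails 4.0` describes when the gem was added rather than why it is needed; naming the reason (page navigation via XHR) would help the next reader.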
@@ -82,3 +84,9 @@ gem 'therubyracer'
# Add SMTP server support using MailCatcher
gem 'mailcatcher'
+
+#For Rails 4.0
+#group :doc do
+# # bundle exec rake doc:rails generates the API under doc/api.
+# gem 'sdoc', require: false
+#end
diff --git a/Gemfile.lock b/Gemfile.lock
index ef3263b..1adcbd3 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -284,6 +284,8 @@ GEM
polyglot
polyglot (>= 0.3.1)
trollop (2.0)
+ turbolinks (2.3.0)
+ coffee-rails
tzinfo (0.3.41)
uglifier (2.5.3)
execjs (>= 0.3.0)
@@ -334,5 +336,6 @@ DEPENDENCIES
sqlite3
therubyracer
travis-lint
+ turbolinks
uglifier
unicorn
diff --git a/app/assets/javascripts/application.js b/app/assets/javascripts/application.js
index 902f1e8..f58ec86 100755
--- a/app/assets/javascripts/application.js
+++ b/app/assets/javascripts/application.js
@@ -12,6 +12,7 @@
//
//= require jquery
//= require jquery_ujs
+//= require turbolinks
//= require wysiwyg/wysihtml5-0.3.0.js
//= require jquery.min.js
//= require jquery.scrollUp.js
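Review bot: Adding `//= require turbolinks` changes how the rest of this manifest behaves on navigation: any script in the bundle that initialises on `$(document).ready`/DOMContentLoaded runs once on the first full load and is not re-run on subsequent Turbolinks visits, because the document is not reloaded. I cannot see the bodies of the functions this file defines (only `function rubyCodeFormat()` starts in the second hunk), so whether they bind that way is inferred; if they do, they need to hook `page:change` (the Turbolinks 2.x event) as well, e.g. `$(document).on('ready page:change', rubyCodeFormat);`. A one-line comment above the require noting this constraint, `//= require turbolinks  // NOTE: ready handlers must also listen for page:change`, would save the next person from a silent breakage.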
@@ -31,6 +32,7 @@
//= require jsapi
//= html5.js
+
function rubyCodeFormat() {
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 9524491..c8393dd 100755
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -3,7 +3,9 @@ class ApplicationController < ActionController::Base
helper_method :current_user, :is_admin?, :sanitize_font
# Our security guy keep talking about sea-surfing, cool story bro.
- # protect_from_forgery
+ # Prevent CSRF attacks by raising an exception.
+ # For APIs, you may want to use :null_session instead.
+ #protect_from_forgery with: :exception
private
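Review bot: The new comment says "Prevent CSRF attacks by raising an exception", but `#protect_from_forgery with: :exception` is still commented out on the new side, so the comment now documents behaviour the controller does not have and forgery protection remains off for every environment. The surrounding "sea-surfing" line suggests this is deliberate for this application, in which case the comment should say so rather than read like an active setting, e.g. `# CSRF protection deliberately left disabled here; to enable it use: protect_from_forgery with: :exception`. The class body continues outside this hunk, so I cannot tell whether a subclass or concern re-enables it elsewhere.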
diff --git a/app/controllers/concerns/.keep b/app/controllers/concerns/.keep
new file mode 100644
index 0000000..e69de29
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 1fb5d4a..d8835fb 100755
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -31,7 +31,8 @@ class UsersController < ApplicationController
# Still an Insecure DoR vulnerability
#user = User.find(:first, :conditions => ["user_id = ?", "#{params[:user][:user_id]}"])
- user = User.find(:first, :conditions => "user_id = '#{params[:user][:user_id]}'")
+ #user = User.find(:first, :conditions => "user_id = '#{params[:user][:user_id]}'")
+ user = User.where("user_id == '#{params[:user][:user_id]}'").first
if user
user.skip_user_id_assign = true
user.skip_hash_password = true
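Review bot: The replacement line `User.where("user_id == '#{params[:user][:user_id]}'").first` still builds the predicate by string interpolation of request input, so it carries the same SQL-injection sink as the `:conditions` string it replaces, while the comment above only names an "Insecure DoR" issue; if the injection is intentional for this project the comment should say that explicitly so nobody later "fixes" only the access-control half. Independently, `==` is a SQLite-only equality spelling; config/database.yml in this same commit also defines a `mysql2` profile, where this query is a syntax error, so the portable form is `user_id = '...'`. The safe and portable version, if the sink is not meant to stay, is `user = User.where(user_id: params[:user][:user_id]).first`. The enclosing action starts before this hunk, so the remaining flow after `if user` is only partly visible here.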
diff --git a/app/models/concerns/.keep b/app/models/concerns/.keep
new file mode 100644
index 0000000..e69de29
diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb
index 03fed5d..cd37348 100755
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@@ -2,8 +2,8 @@
RailsGoat
- <%= stylesheet_link_tag "application", :media => "all" %>
- <%= javascript_include_tag "application" %>
+ <%= stylesheet_link_tag "application", media: "all", "data-turbolinks-track" => true %>
+ <%= javascript_include_tag "application", "data-turbolinks-track" => true %>
<%= csrf_meta_tags %>
<%
diff --git a/config.ru b/config.ru
index bee68f6..5bc2a61 100755
--- a/config.ru
+++ b/config.ru
@@ -1,4 +1,4 @@
# This file is used by Rack-based servers to start the application.
require ::File.expand_path('../config/environment', __FILE__)
-run Railsgoat::Application
+run Rails.application
diff --git a/config/application.rb b/config/application.rb
index 7a2e9d3..ce5141a 100755
--- a/config/application.rb
+++ b/config/application.rb
@@ -2,6 +2,8 @@ require File.expand_path('../boot', __FILE__)
require 'rails/all'
+# Require the gems listed in Gemfile, including any gems
+# you've limited to :test, :development, or :production.
Bundler.require(:default, Rails.env)
module Railsgoat
diff --git a/config/boot.rb b/config/boot.rb
index 5e5f0c1..3596736 100755
--- a/config/boot.rb
+++ b/config/boot.rb
@@ -1,4 +1,4 @@
# Set up gems listed in the Gemfile.
ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)
-require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE'])
+require 'bundler/setup' if File.exists?(ENV['BUNDLE_GEMFILE'])
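Review bot: This hunk replaces `File.exist?` with `File.exists?`, which is the deprecated alias (deprecated since Ruby 2.1, removed in Ruby 3.2), so the change goes from the supported spelling to one that warns today and raises `NoMethodError` on newer interpreters, taking the whole boot down before Bundler is even set up. Keep the original line: `require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE'])`.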
diff --git a/config/database.yml b/config/database.yml
index bb84441..38ed83a 100755
--- a/config/database.yml
+++ b/config/database.yml
@@ -7,13 +7,13 @@ development:
adapter: sqlite3
database: db/development.sqlite3
pool: 5
- timeout: 5000
+ timeout: 15000
mysql:
adapter: mysql2
database: development_railsgoat
pool: 5
- timeout: 5000
+ timeout: 15000
host: localhost
username: root
password:
@@ -25,7 +25,7 @@ test:
adapter: sqlite3
database: db/test.sqlite3
pool: 5
- timeout: 5000
+ timeout: 15000
production:
adapter: sqlite3
diff --git a/config/environments/development.rb b/config/environments/development.rb
index ed6116c..45fc75d 100755
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -9,11 +9,11 @@ Railsgoat::Application.configure do
# Log error messages when you accidentally call methods on nil.
config.whiny_nils = true
- # Show full error reports and disable caching
+ # Show full error reports and disable caching.
config.consider_all_requests_local = true
config.action_controller.perform_caching = false
- # Don't care if the mailer can't send
+ # Don't care if the mailer can't send.
config.action_mailer.raise_delivery_errors = false
# Print deprecation notices to the Rails logger
@@ -32,7 +32,9 @@ Railsgoat::Application.configure do
# Do not compress assets
config.assets.compress = false
- # Expands the lines which load the assets
+ # Debug mode disables concatenation and preprocessing of assets.
+ # This option may cause significant delays in view rendering with a large
+ # number of complex assets.
config.assets.debug = true
# ActionMailer settings for email support
@@ -48,6 +50,9 @@ Railsgoat::Application.configure do
:ignore => [ %r{dont/modify\.html$} ]
)
- # For Rails 4.0+
+ # For Rails 4.0+: Do not eager load code on boot.
config.eager_load = false
+
+ # For Rails 4.0+: Raise an error on page load if there are pending migrations
+ config.active_record.migration_error = :page_load
end
diff --git a/config/environments/production.rb b/config/environments/production.rb
index 1ada3e1..69cf20b 100755
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -1,37 +1,50 @@
Railsgoat::Application.configure do
# Settings specified here will take precedence over those in config/application.rb
- # Code is not reloaded between requests
+ # Code is not reloaded between requests.
config.cache_classes = true
- # Full error reports are disabled and caching is turned on
+ # Full error reports are disabled and caching is turned on.
config.consider_all_requests_local = false
config.action_controller.perform_caching = true
- # Disable Rails's static asset server (Apache or nginx will already do this)
+ # Enable Rack::Cache to put a simple HTTP cache in front of your application
+ # Add `rack-cache` to your Gemfile before enabling this.
+ # For large-scale production use, consider using a caching
+ # reverse proxy like nginx, varnish or squid.
+ # config.action_dispatch.rack_cache = true
+
+ # Disable Rails's static asset server (Apache or nginx will already do this).
config.serve_static_assets = false
# Compress JavaScripts and CSS
config.assets.compress = true
- # Don't fallback to assets pipeline if a precompiled asset is missed
- config.assets.compile = true
+ # Compress JavaScripts and CSS.
+ config.assets.js_compressor = :uglifier
+ # config.assets.css_compressor = :sass
- # Generate digests for assets URLs
+ # Do not fallback to assets pipeline if a precompiled asset is missed.
+ config.assets.compile = true # default is false
+
+ # Generate digests for assets URLs.
config.assets.digest = true
+ # For Rails 4.0+: Version of your assets, change this if you want to expire all your assets.
+ config.assets.version = '1.0'
+
# Defaults to nil and saved in location specified by config.assets.prefix
# config.assets.manifest = YOUR_PATH
- # Specifies the header that your server uses for sending files
+ # Specifies the header that your server uses for sending files.
# config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache
# config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx
# Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
# config.force_ssl = true
- # See everything in the log (default is :info)
- # config.log_level = :debug
+ # Set to :debug to see everything in the log.
+ config.log_level = :info
# Prepend all log lines with the following tags
# config.log_tags = [ :subdomain, :uuid ]
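Review bot: The new comment "Do not fallback to assets pipeline if a precompiled asset is missed." sits directly above `config.assets.compile = true # default is false`, and `true` is precisely the setting that enables that fallback (live compilation on a cache miss in production), so the comment and the code contradict each other. Either change the value to match the comment, `config.assets.compile = false`, or make the comment match the value, `# Fall back to live asset compilation if a precompiled asset is missed (Rails default is false).`; leaving it as is invites someone to "fix" the wrong half. The hunk also leaves `config.assets.compress = true` in place beside the new `config.assets.js_compressor = :uglifier`, under two identical "Compress JavaScripts and CSS" comments; on Rails 4, which this commit targets, compression is driven by the `js_compressor`/`css_compressor` settings, so the old line appears to be leftover and the duplicated comment suggests it was meant to go.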
@@ -55,16 +68,45 @@ Railsgoat::Application.configure do
# config.threadsafe!
# Enable locale fallbacks for I18n (makes lookups for any locale fall back to
- # the I18n.default_locale when a translation can not be found)
+ # the I18n.default_locale when a translation can not be found).
config.i18n.fallbacks = true
- # Send deprecation notices to registered listeners
+ # Send deprecation notices to registered listeners.
config.active_support.deprecation = :notify
# Log the query plan for queries taking more than this (works
# with SQLite, MySQL, and PostgreSQL)
# config.active_record.auto_explain_threshold_in_seconds = 0.5
- # For Rails 4.0+
+ # For Rails 4.0+: Eager load code on boot. This eager loads most of
+ # Rails and your application in memory, allowing both thread web
+ # servers and those relying on copy on write to perform better.
+ # Rake tasks automatically ignore this option for performance.
config.eager_load = true
+
+ # For Rails 4.0+: Use default logging formatter so that PID and timestamp are not suppressed.
+ config.log_formatter = ::Logger::Formatter.new
+
+ # For Rails 4.0+: Disable automatic flushing of the log to improve performance.
+ # config.autoflush_log = false
+
+ # Prepend all log lines with the following tags.
+ # config.log_tags = [ :subdomain, :uuid ]
+
+ # Use a different logger for distributed setups.
+ # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)
+
+ # Use a different cache store in production.
+ # config.cache_store = :mem_cache_store
+
+ # Enable serving of images, stylesheets, and JavaScripts from an asset server.
+ # config.action_controller.asset_host = "http://assets.example.com"
+
+ # Precompile additional assets.
+ # application.js, application.css, and all non-JS/CSS in app/assets folder are already added.
+ # config.assets.precompile += %w( search.js )
+
+ # Ignore bad email addresses and do not raise email delivery errors.
+ # Set this to true and configure the email server for immediate delivery to raise delivery errors.
+ # config.action_mailer.raise_delivery_errors = false
end
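Review bot: The added `# Prepend all log lines with the following tags.` / `# config.log_tags = [ :subdomain, :uuid ]` pair duplicates the same two lines that already appear earlier in this file (they are visible as context at the end of the previous hunk), so the file now carries the same commented-out setting twice; drop the copy added here. The remaining additions are commented-out templates and `config.log_formatter = ::Logger::Formatter.new`, which is fine as written.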
diff --git a/config/environments/test.rb b/config/environments/test.rb
index 899e600..f63436d 100755
--- a/config/environments/test.rb
+++ b/config/environments/test.rb
@@ -7,18 +7,18 @@ Railsgoat::Application.configure do
# and recreated between test runs. Don't rely on the data there!
config.cache_classes = true
- # Configure static asset server for tests with Cache-Control for performance
+ # Configure static asset server for tests with Cache-Control for performance.
config.serve_static_assets = true
config.static_cache_control = "public, max-age=3600"
- # Show full error reports and disable caching
+ # Show full error reports and disable caching.
config.consider_all_requests_local = true
config.action_controller.perform_caching = false
- # Raise exceptions instead of rendering exception templates
+ # Raise exceptions instead of rendering exception templates.
config.action_dispatch.show_exceptions = false
- # Disable request forgery protection in test environment
+ # Disable request forgery protection in test environment.
config.action_controller.allow_forgery_protection = false
# Tell Action Mailer not to deliver emails to the real world.
@@ -26,9 +26,12 @@ Railsgoat::Application.configure do
# ActionMailer::Base.deliveries array.
config.action_mailer.delivery_method = :test
- # Print deprecation notices to the stderr
+ # Print deprecation notices to the stderr.
config.active_support.deprecation = :stderr
# For Rails 4.0+
+ # Do not eager load code on boot. This avoids loading your whole application
+ # just for the purpose of running a single test. If you are using a tool that
+ # preloads Rails for running tests, you may have to set it to true.
config.eager_load = false
end
diff --git a/config/initializers/wrap_parameters.rb b/config/initializers/wrap_parameters.rb
index 999df20..6835995 100755
--- a/config/initializers/wrap_parameters.rb
+++ b/config/initializers/wrap_parameters.rb
@@ -5,7 +5,7 @@
# Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array.
ActiveSupport.on_load(:action_controller) do
- wrap_parameters format: [:json]
+ wrap_parameters format: [:json] if respond_to?(:wrap_parameters)
end
# Disable root element in JSON by default.
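Review bot: The new guard `wrap_parameters format: [:json] if respond_to?(:wrap_parameters)` makes a misconfiguration silent: if `wrap_parameters` is ever unavailable in the `on_load(:action_controller)` block, JSON parameter wrapping is quietly skipped rather than failing at boot, and nothing on the page says why that is preferable. A one-line reason comment would make the intent reviewable, e.g. `# Guarded: wrap_parameters is not defined on every controller base class this initializer may load against.` — adjusted to whatever the actual reason is, which I cannot infer from this hunk.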
diff --git a/public/404.html b/public/404.html
index 9a48320..a0daa0c 100755
--- a/public/404.html
+++ b/public/404.html
@@ -2,17 +2,48 @@
The page you were looking for doesn't exist (404)
-
@@ -22,5 +53,6 @@
The page you were looking for doesn't exist.
You may have mistyped the address or the page may have moved.
+ If you are the application owner check the logs for more information.
diff --git a/public/422.html b/public/422.html
index 83660ab..fbb4b84 100755
--- a/public/422.html
+++ b/public/422.html
@@ -2,17 +2,48 @@
The change you wanted was rejected (422)
-
@@ -22,5 +53,6 @@
The change you wanted was rejected.
Maybe you tried to change something you didn't have access to.
+ If you are the application owner check the logs for more information.
diff --git a/public/500.html b/public/500.html
index f3648a0..e9052d3 100755
--- a/public/500.html
+++ b/public/500.html
@@ -2,17 +2,48 @@
We're sorry, but something went wrong (500)
-
@@ -21,5 +52,6 @@
We're sorry, but something went wrong.
+ If you are the application owner check the logs for more information.