More Rails 4.0 upgrade changes

1. Compared existing branch with empty Rails 4.0 project and made changes as needed. 2. Fix find/first warning. 3. Fix sqlite timeout issue. -- config/database.yml -- spec/vulnerabilities/insecure_dor_spec.rb
2014-09-13 13:44:07 -04:00
parent ed5f2796a4
commit 1ea0c2ddbb
28 changed files with 234 additions and 68 deletions
@@ -12,6 +12,7 @@
 //
 //= require jquery
 //= require jquery_ujs
+//= require turbolinks
 //= require wysiwyg/wysihtml5-0.3.0.js
 //= require jquery.min.js
 //= require jquery.scrollUp.js
@@ -31,6 +32,7 @@
 //= require jsapi
 //= html5.js

+
 function rubyCodeFormat() {
 	

@@ -3,7 +3,9 @@ class ApplicationController < ActionController::Base
  helper_method :current_user, :is_admin?, :sanitize_font

  # Our security guy keep talking about sea-surfing, cool story bro.
-  # protect_from_forgery
+  # Prevent CSRF attacks by raising an exception.
+  # For APIs, you may want to use :null_session instead.
+  #protect_from_forgery with: :exception

  private

@@ -31,7 +31,8 @@ class UsersController < ApplicationController
    # Still an Insecure DoR vulnerability
    #user = User.find(:first, :conditions => ["user_id = ?", "#{params[:user][:user_id]}"])

-    user = User.find(:first, :conditions => "user_id = '#{params[:user][:user_id]}'")
+    #user = User.find(:first, :conditions => "user_id = '#{params[:user][:user_id]}'")
+    user = User.where("user_id == '#{params[:user][:user_id]}'").first
    if user
      user.skip_user_id_assign = true
      user.skip_hash_password = true
@@ -2,8 +2,8 @@
 <html>
 <head>
  <title>RailsGoat</title>
-  <%= stylesheet_link_tag    "application", :media => "all" %>
-  <%= javascript_include_tag "application" %>
+  <%= stylesheet_link_tag    "application", media: "all", "data-turbolinks-track" => true %>
+  <%= javascript_include_tag "application", "data-turbolinks-track" => true %>
  <%= csrf_meta_tags %> <!-- <~ What is this for? I hear it helps w/ JS and Sea-surfing.....whatevz -->
  <!-- bootstrap css -->
 <%