More Rails 4.0 upgrade changes

1. Compared the existing branch with an empty Rails 4.0 project and
    made changes as needed.
 2. Fix find/first warning.
 3. Fix sqlite timeout issue.
    -- config/database.yml
    -- spec/vulnerabilities/insecure_dor_spec.rb
Al Snow
2014-09-13 13:44:07 -04:00
parent ed5f2796a4
commit 1ea0c2ddbb
28 changed files with 234 additions and 68 deletions
+2 -1
@@ -31,7 +31,8 @@ class UsersController < ApplicationController
# Still an Insecure DoR vulnerability
#user = User.find(:first, :conditions => ["user_id = ?", "#{params[:user][:user_id]}"])
user = User.find(:first, :conditions => "user_id = '#{params[:user][:user_id]}'")
#user = User.find(:first, :conditions => "user_id = '#{params[:user][:user_id]}'")
user = User.where("user_id == '#{params[:user][:user_id]}'").first
if user
user.skip_user_id_assign = true
user.skip_hash_password = true