team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

adding render vuln

Browse Source
This commit is contained in:
Mike McCabe
2015-02-23 20:36:53 -05:00
parent 975002ea76
commit 1eee953f62
3 changed files with 8 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/controllers/dashboard_controller.rb
Executable → Regular
+3
View File
@@ -23,4 +23,7 @@ class DashboardController < ApplicationController
render :partial => "layouts/dashboard/dashboard_stats" render :partial => "layouts/dashboard/dashboard_stats"
end end
def doc
render "../../doc/" + params[:doc]
end
end end
app/views/dashboard/home.html.erb
Executable → Regular
+3 -1
View File
@@ -27,13 +27,15 @@
</div> </div>
</div> </div>
</div> </div>
<center><b>Need help using this portal? Check out the <a href="doc?doc=README_FOR_APP">Readme</a></b></center>
</div> <!-- end span12 --> </div> <!-- end span12 -->
</div> </div>
</div> </div>
</div> </div>
<script type="text/javascript"> <script type="text/javascript">
function makeActive(){ function makeActive(){
config/routes.rb
Executable → Regular
+1 -1
View File
@@ -6,7 +6,7 @@ Railsgoat::Application.routes.draw do
match "forgot_password" => "password_resets#forgot_password" match "forgot_password" => "password_resets#forgot_password"
get "password_resets" => "password_resets#confirm_token" get "password_resets" => "password_resets#confirm_token"
post "password_resets" => "password_resets#reset_password" post "password_resets" => "password_resets#reset_password"
get "dashboard/doc" => "dashboard#doc"
resources :sessions do resources :sessions do
end end