From 53dcc75f740e92c288480ffe3712ac4a58384546 Mon Sep 17 00:00:00 2001
From: cktricky
Date: Thu, 14 Nov 2013 15:05:00 -0500
Subject: [PATCH] I think there was a subtle bug in the intentional security bypass within the admin controller
---
 app/controllers/admin_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb
index 1a671f7..d7efbdb 100755
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@@ -48,7 +48,7 @@ class AdminController < ApplicationController
 private
 def admin_param
- params[:id] == '1'
+ params[:admin_id] != '1'
 end
 end
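Review bot: The new body of `admin_param` returns a value decided entirely by the client-supplied `params[:admin_id]`, and nothing in the file marks this as deliberate; only the commit subject calls it an intentional bypass. A request that carries no `admin_id` at all evaluates `nil != '1'`, which is true, so the predicate is true for everything except the exact string `'1'`. How the predicate is consumed (presumably as a condition on an authorization filter) lies outside the hunk, as does the start of the class, so that reading should be confirmed against the filter declaration. I would add a comment above the method such as `# INTENTIONALLY VULNERABLE (training app): result depends only on request params; real code must authorize from server-side session state, never from a parameter`, so the pattern is neither copied into production code nor "fixed" by accident.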