I think there was a subtle bug in the intentional security bypass within the admin controller

2013-11-14 15:05:00 -05:00
parent f53ab56e92
commit 53dcc75f74
1 changed files with 1 additions and 1 deletions
@@ -48,7 +48,7 @@ class AdminController < ApplicationController
  private

  def admin_param
-    params[:id] == '1'
+    params[:admin_id] != '1'
  end
  
 end