I think there was a subtle bug in the intentional security bypass within the admin controller · 53dcc75f74 - railsgoat - Gitea: Git with a cup of tea

team-alpha/railsgoat

I think there was a subtle bug in the intentional security bypass within the admin controller

This commit is contained in:

cktricky

2013-11-14 15:05:00 -05:00

parent f53ab56e92

commit 53dcc75f74

1 changed files with 1 additions and 1 deletions

									
										app/controllers/admin_controller.rb
									
		+1
		-1
	
												View File
												
					@@ -48,7 +48,7 @@ class AdminController < ApplicationController

					  private

					  private

					  def admin_param

					  def admin_param

					    params[:id] == '1'

					    params[:admin_id] != '1'

					  end

					  end

					end

					end