Added fix for Analytics SQLi

2014-04-08 18:04:49 -04:00
parent 196b732b91
commit 5bb9c75f06
2 changed files with 13 additions and 3 deletions
@@ -7,11 +7,11 @@ class AdminController < ApplicationController
  end

  def analytics
-
    if params[:field].nil?
      fields = "*"
    else
-      fields = params[:field].map {|k,v| k}.join(",")
+      #fields = params[:field].map {|k,v| k }.join(",")
+      fields = params[:field].map {|k,v| Analytics.parse_field(k) }.join(",")
    end

    if params[:ip]