From 6528b56de671ad89782226dc7de420ce5476a37a Mon Sep 17 00:00:00 2001
From: Ken Johnson
Date: Mon, 3 Jun 2013 02:19:36 -0400
Subject: [PATCH] added a sql injection vulnerability

---
 app/controllers/users_controller.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 437d299..c068422 100755
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -23,7 +23,8 @@ class UsersController < ApplicationController
   end
 
   def account_settings
-    @user = current_user
+    #@user = current_user
+    @user = User.find(:first, :conditions => "user_id = '#{params[:user_id]}'")
   end
 
   def update
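Review bot: The new `account_settings` line interpolates `params[:user_id]` straight into the `:conditions` SQL string, so the request parameter becomes part of the query text instead of a bound value; the subject line says this is deliberate, so if it stays, a comment such as `# INTENTIONALLY VULNERABLE: unparameterized SQL for training purposes` on that line would stop it being copied as a pattern elsewhere. The parameterized form of the same finder is `@user = User.find(:first, :conditions => ["user_id = ?", params[:user_id]])`, or `@user = User.where(user_id: params[:user_id]).first` in the Rails 3 query API, and the positional `find(:first, ...)` signature is the legacy finder style that later Rails versions drop. Separately, the lookup is now keyed on a client-supplied id rather than the session's `current_user`, so even with parameterization the result should be checked against the signed-in user (or the commented-out `@user = current_user` restored) before it is rendered. The rest of `UsersController` lies outside the hunk.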