team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

working on a tutorial for the scope injection / sql injection

Browse Source
This commit is contained in:
cktricky
2014-04-17 20:51:16 -04:00
parent 6975f94381
commit 77fcf26abd
4 changed files with 94 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/controllers/admin_controller.rb
+3 -2
View File
@@ -10,8 +10,9 @@ class AdminController < ApplicationController
if params[:field].nil?
fields = "*"
else
#fields = params[:field].map {|k,v| k }.join(",")
fields = params[:field].map {|k,v| Analytics.parse_field(k) }.join(",")
fields = params[:field].map {|k,v| k }.join(",")
# This seems to be a bit safer
#fields = params[:field].map {|k,v| Analytics.parse_field(k) }.join(",")
end
if params[:ip]