Upgraded 2 gems by rebuilding Gemfile.lock file; Fixed find/first dep warning #158
This commit is contained in:
Al Snow
+2
-2
@@ -93,7 +93,7 @@ GEM
|
|||||||
eventmachine (1.0.3)
|
eventmachine (1.0.3)
|
||||||
execjs (2.2.1)
|
execjs (2.2.1)
|
||||||
fastercsv (1.5.5)
|
fastercsv (1.5.5)
|
||||||
ffi (1.9.5)
|
ffi (1.9.6)
|
||||||
foreman (0.75.0)
|
foreman (0.75.0)
|
||||||
dotenv (~> 0.11.1)
|
dotenv (~> 0.11.1)
|
||||||
thor (~> 0.19.1)
|
thor (~> 0.19.1)
|
||||||
@@ -159,7 +159,7 @@ GEM
|
|||||||
sqlite3-ruby
|
sqlite3-ruby
|
||||||
thin
|
thin
|
||||||
method_source (0.8.2)
|
method_source (0.8.2)
|
||||||
mime-types (2.3)
|
mime-types (2.4.1)
|
||||||
mini_portile (0.5.3)
|
mini_portile (0.5.3)
|
||||||
minitest (4.7.5)
|
minitest (4.7.5)
|
||||||
multi_json (1.10.1)
|
multi_json (1.10.1)
|
||||||
|
|||||||
@@ -31,7 +31,8 @@ class UsersController < ApplicationController
|
|||||||
# Still an Insecure DoR vulnerability
|
# Still an Insecure DoR vulnerability
|
||||||
#user = User.find(:first, :conditions => ["user_id = ?", "#{params[:user][:user_id]}"])
|
#user = User.find(:first, :conditions => ["user_id = ?", "#{params[:user][:user_id]}"])
|
||||||
|
|
||||||
user = User.find(:first, :conditions => "user_id = '#{params[:user][:user_id]}'")
|
# user = User.find(:first, :conditions => "user_id = '#{params[:user][:user_id]}'")
|
||||||
|
user = User.where("user_id = '#{params[:user][:user_id]}'").first
|
||||||
if user
|
if user
|
||||||
user.skip_user_id_assign = true
|
user.skip_user_id_assign = true
|
||||||
user.skip_hash_password = true
|
user.skip_hash_password = true
|
||||||
|
|||||||
Reference in New Issue
Block a user