oops, omitted a couple important features/vulnerabilities

cktricky
2014-09-11 11:13:15 -04:00
parent a50cad0cf3
commit 7e38ac845f
2 changed files with 3 additions and 3 deletions
+2 -2
@@ -62,7 +62,7 @@ class User < ActiveRecord::Base
return auth return auth
end end
#=begin =begin
# More secure version, still lacking a decent hashing routine, this is for timing attack prevention # More secure version, still lacking a decent hashing routine, this is for timing attack prevention
def self.authenticate(email, password) def self.authenticate(email, password)
user = find_by_email(email) || User.new(:password => "") user = find_by_email(email) || User.new(:password => "")
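Review bot: Changing `#=begin` to `=begin` turns the block labelled "More secure version" into a Ruby block comment, so the `self.authenticate` that does the dummy-user lookup (`find_by_email(email) || User.new(:password => "")`) for timing attack prevention is no longer the one that runs. Nothing in the file says which variant is meant to be live. Please add a one-line comment above the marker stating that the hardened version is disabled on purpose and how to re-enable it, so a later cleanup does not silently flip it back. Also note that Ruby only recognises `=begin` when it starts in the first column, so the marker must not be indented.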
@@ -72,7 +72,7 @@ class User < ActiveRecord::Base
raise "Incorrect username or password" raise "Incorrect username or password"
end end
end end
#=end =end
def assign_user_id def assign_user_id
unless @skip_user_id_assign.present? || self.user_id.present? unless @skip_user_id_assign.present? || self.user_id.present?
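Review bot: The `=end` here only works as a pair with the `=begin` changed in the previous hunk, and like `=begin` it must start in the first column. If one marker is restored to its `#` form without the other, the file either fails to parse or the comment runs on and swallows `assign_user_id` below it. Toggling a security control with two single-character edits ten lines apart is easy to get wrong; consider adding a model spec that loads `User` and calls `authenticate`, so a mismatched pair is caught when the suite runs.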
+1 -1
@@ -26,7 +26,7 @@
going on with funny chars and jquery, plus it says safe so I'm guessing going on with funny chars and jquery, plus it says safe so I'm guessing
nothing bad will happen nothing bad will happen
--> -->
Welcome, <%= current_user.first_name %> Welcome, <%= current_user.first_name.html_safe %>
</li> </li>
<li> <li>
<%= button_to "RailsGoat Tutorials", tutorials_path, {:class => "btn btn-primary", :method => "get"}%> <%= button_to "RailsGoat Tutorials", tutorials_path, {:class => "btn btn-primary", :method => "get"}%>
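Review bot: Adding `.html_safe` to `current_user.first_name` in the "Welcome" line tells ERB to skip its default HTML escaping for that value, so any markup stored in the first name is rendered as-is in the page header. The HTML comment just above ("it says safe so I'm guessing nothing bad will happen") reads as the in-character justification, which suggests this is deliberate, but the commit message does not name the vulnerability being introduced. Please record in the commit message or the project's vulnerability list that this line is an intentional output-encoding flaw. The corrected form for anyone fixing it is the original `<%= current_user.first_name %>`, which relies on the default escaping.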