removed comments and Fixed Issue #184

cktricky
2016-04-19 08:43:18 -04:00
parent fafe94b571
commit 7f5af27478
10 changed files with 2 additions and 72 deletions
+1 -7
@@ -25,13 +25,7 @@ class UsersController < ApplicationController
def update
message = false
#Safest
# user = current_user
# Still an Insecure DoR vulnerability
#user = User.find(:first, :conditions => ["user_id = ?", "#{params[:user][:user_id]}"])
# user = User.find(:first, :conditions => "user_id = '#{params[:user][:user_id]}'")
user = User.where("user_id = '#{params[:user][:user_id]}'").first
if user
user.skip_user_id_assign = true