From d6a6864f739ca278023a87680daad2ed5a3aa45d Mon Sep 17 00:00:00 2001
From: Al Snow
Date: Wed, 17 Sep 2014 14:11:01 -0400
Subject: [PATCH] Undid my find/first fix
---
 app/controllers/users_controller.rb | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index d8835fb..1fb5d4a 100755
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -31,8 +31,7 @@ class UsersController < ApplicationController
 # Still an Insecure DoR vulnerability
 #user = User.find(:first, :conditions => ["user_id = ?", "#{params[:user][:user_id]}"])
- #user = User.find(:first, :conditions => "user_id = '#{params[:user][:user_id]}'")
- user = User.where("user_id == '#{params[:user][:user_id]}'").first
+ user = User.find(:first, :conditions => "user_id = '#{params[:user][:user_id]}'")
 if user
 user.skip_user_id_assign = true
 user.skip_hash_password = true
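Review bot: The restored lookup on the `+` line interpolates `params[:user][:user_id]` directly into the `:conditions` string, so request input becomes part of the SQL text; the bound form already present in the commented-out line above, `user = User.find(:first, :conditions => ["user_id = ?", params[:user][:user_id]])`, keeps the value out of the statement. As the existing comment notes, binding alone still leaves the insecure direct object reference: the record is selected by a client-supplied id, so the lookup should be tied to the session's authenticated user rather than to the submitted `user_id`. If the interpolation is kept on purpose (the surrounding comments suggest this controller may be demonstrating the flaw, which the hunk alone cannot confirm), a comment such as `# Intentionally vulnerable: SQL built from params` on that line would keep it from being silently "fixed" or copied. The enclosing action and the `if user` block start and end outside the hunk, so any authorisation applied to `user` afterwards is not visible here.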