Undid my find/first fix

2014-09-17 14:11:01 -04:00
parent 1d3540dbb2
commit d6a6864f73
1 changed files with 1 additions and 2 deletions
@@ -31,8 +31,7 @@ class UsersController < ApplicationController
    # Still an Insecure DoR vulnerability
    #user = User.find(:first, :conditions => ["user_id = ?", "#{params[:user][:user_id]}"])

-    #user = User.find(:first, :conditions => "user_id = '#{params[:user][:user_id]}'")
-    user = User.where("user_id == '#{params[:user][:user_id]}'").first
+    user = User.find(:first, :conditions => "user_id = '#{params[:user][:user_id]}'")
    if user
      user.skip_user_id_assign = true
      user.skip_hash_password = true